642-564

Security Solutions for Systems Engineers (SSSE)


QUESTION NO: 1
Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance?
A. syslog
B. SDEE over SSL
C. RDEP over SSL
D. SSH
Answer: B


QUESTION NO: 2
Which two are parts of the Network Security Lifecycle? (Choose two.)
A. Purchase
B. Integrate
C. Design
D. Operate
E. Develop
Answer: C,D
QUESTION NO: 3
What is a benefit of IPSec + GRE?
A. no need for a separate client
B. support of dynamic connections
C. bandwidth conservation
D. full support of Cisco dynamic routing protocols
Answer: D


QUESTION NO: 4
What is the main reason for customers to implement the Cisco Detector and Guard solution?
A. as a replacement for IPS sensors
B. as a DDoS protection system
C. as a complete appliance-based NAC solution
D. as a replacement for firewalls
Answer: B


QUESTION NO: 5
Which two components should be included in a network design document? (Choose two.)
A. detailed part list
B. complete network blueprint
C. risk analysis
D. operating expense
E. configuration for each device
Answer: A,B
QUESTION NO: 6
Which three are included with the Cisco Security Agent? (Choose three.)
A. packet sniffer
B. host-based intrusion prevention
C. buffer overflow protection
D. Day Zero virus and worm protection
E. plug-in interface to query posture providers
F. Cisco Easy VPN Client
Answer: B,C,D


QUESTION NO: 7
What are three functions of Cisco Security Agent? (Choose three.)
A. malicious mobile code protection
B. spyware and adware protection
C. device-based registry scans
D. protection against buffer overflows
E. local shunning
F. flexibility against new attacks through customizable signatures "on the fly"
Answer: A,B,D


QUESTION NO: 8
Which two are valid methods for adding reporting devices into the Cisco Security MARS appliance? (Choose two.)
A. loading the devices from a seed file
B. running an Import Wizard
C. running manual configuration
D. importing the devices from CiscoWorks VPN/Security Management Solution
E. using CDP to auto discover the Cisco reporting devices
Answer: A,C
QUESTION NO: 9
What is a benefit of the Cisco Integrated Services Routers?
A. Intel Xeon CPUs
B. customer programmable ASIC
C. built-in encryption acceleration
D. built-in event correlation engine

Answer: C


QUESTION NO: 10
What is a valid method of verifying a network security design?
A. pilot or prototype network
B. network health analysis
C. network audit
D. network performance test
Answer: A
QUESTION NO: 11
Which three should be included in a system acceptance test plan? (Choose three.)
A. recommended changes
B. indication of references
C. features to be tested
D. pass and fail criteria
E. resource requirements and schedules
F. product data sheets
Answer: C,D,E
QUESTION NO: 12
Which three features of Cisco Security MARS provide for identity and mitigation of threats? (Choose three.)
A. determines security incidents based on device messages, events, and sessions
B. integrates with Trend Micro to clean infected hosts
C. performs mitigation on Layer 2 ports and at Layer 3 choke points
D. pushes signatures to Cisco IPS to keep viruses from entering the network
E. provides a security solution for preventing DDoS attacks
F. provides incident analysis that is topologically aware for visualization and replay
Answer: A,C,F

QUESTION NO: 13
Which statement is true about the Cisco Security MARS Global Controller?
A. The Global Controller centrally manages a group of Local Controllers.
B. Rules that are created on a Local Controller can be pushed to the Global Controller.
C. The Global Controller receives detailed incidents information from the Local Controllers, and correlates the incidents between multiple Local Controllers.
D. Most data archiving is done by the Global Controller.

Answer: A


QUESTION NO: 14
Which component of the Cisco NAC framework is responsible for compliance evaluation and policy enforcement?
A. network access devices
B. Cisco Secure ACS server
C. posture validation server
D. Cisco Trust Agent
Answer: B


QUESTION NO: 15
What are three advantages of Cisco Security MARS? (Choose three.)
A. contains scalable, distributed event analysis architecture
B. ensures that the user device is not vulnerable
C. performs automatic mitigation on Layer 2 devices
D. provides rapid profile-based provisioning capabilities
E. is network topology aware
F. fixes vulnerable and infected devices automatically
Answer: A,C,E
QUESTION NO: 16
Which two are true about Cisco AutoSecure? (Choose two.)
A. enables log messages to include sequence numbers and time stamps
B. removes the exec-timeout
C. enables identification service
D. blocks all IANA-reserved IP address blocks
E. disables tcp-keepalives-in and tcp-keepalives-out
Answer: A,D

QUESTION NO: 17
Identify two ways to create a long-duration query on the Cisco Security MARS appliance. (Choose two.)
A. by submitting a batch query
B. by saving a query as a rule
C. by modifying an existing report
D. by saving a query as a report
E. by submitting a query in line

Answer: A,C

QUESTION NO: 18
Which two components should be included in a detailed design document? (Choose two.)
A. proof of concept
B. organizational chart
C. data source
D. vendor availability
E. existing network infrastructure
Answer: A,E

QUESTION NO: 19
Which statement is true about the built-in hardware-based encryption that is included with Cisco Integrated Services Routers?
A. It supports SRTP.
B. It stores VPN credentials.
C. It is two times faster than previous modules.
D. It supports 256-bit AES encryption.

Answer: D


QUESTION NO: 20
What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance?
A. to discover and display the full topology
B. to pull the log information from devices
C. to import the device configuration
D. to reconfigure managed devices
Answer: A
QUESTION NO: 21
In the context of Cisco NAC, what is a network access device?
A. Cisco IOS router
B. workstation without Cisco Trust Agent
C. AAA server
D. laptop with Cisco Trust Agent
Answer: A


QUESTION NO: 22
Refer to the exhibit. As each spoke site is added, spoke-to-spoke and spoke-to-hub connectivity will be required. What is the best VPN implementation option?

A. IPSec Easy VPN
B. IPSec DMVPN
C. V3PN
D. GRE over IPSec with dynamic routing
Answer: B


QUESTION NO: 23
Which two are main security drivers? (Choose two.)
A. optimal network operation
B. increased productivity
C. compliance with company policy
D. business needs
E. security legislation

Answer: C,E
QUESTION NO: 24
What are three functions of CSA in helping to secure customer environments? (Choose three.)
A. probing of systems for compliance
B. real-time analysis of network traffic
C. system hardening
D. identification of vulnerabilities
E. control of executable content
F. application control
Answer: C,E,F

QUESTION NO: 25
Which two statements are true about symmetric key encryption? (Choose two.)
A. The key exchange can take place via a nonsecure channel.
B. It uses secret-key cryptography.
C. It is typically used to encrypt the content of a message.
D. RSA is an example of symmetric key encryption.
E. Encryption and decryption use different keys.
Answer: B,C
QUESTION NO: 26 DRAG DROP
Look at the picture.


Answer:



QUESTION NO: 27 DRAG DROP
Look at the picture.

Answer:

QUESTION NO: 28
What are two functions of Cisco Security Agent? (Choose two.)
A. spam filtering
B. authentication
C. resource protection
D. user tracking
E. control of executable content
Answer: C,E
QUESTION NO: 29
Which two should be included in an analysis of a Security Posture Assessment? (Choose two.)
A. identification of critical deficiencies
B. detailed action plan
C. recommendations based on security best practice
D. service offer
E. identification of bottlenecks inside the network
Answer: A,C

QUESTION NO: 30
In which two ways can a Security Posture Assessment help organizations to understand network threats and risk? (Choose two.)
A. by identifying vulnerable systems
B. by coaching system administrators
C. by recommending new products
D. by identifying bottlenecks
E. by recommending areas to improve
Answer: A,E


QUESTION NO: 31
How does CSA protect endpoints?
A. works in conjunction with antivirus software to lock down the OS
B. uses deep-packet application inspections to control application misuse and abuse
C. uses signatures to detect and stop attacks
D. works at the application layer to provide buffer overflow protection
E. uses file system, network, registry, and execution space interceptors to stop malicious activity
Answer: E


QUESTION NO: 32
Which IPS feature models worm behavior and correlates the specific time between events, network behavior, and multiple exploit behavior to more accurately identify and stop worms?
A. Security Device Event Exchange support
B. Meta Event Generator
C. traffic normalization
D. Risk Rating
Answer: B
QUESTION NO: 33 DRAG DROP
Look at the picture.

Answer:

QUESTION NO: 34
Martin, a network administrator at Clever&Smart-Communications, wants to implement command authorization for tighter control of user access rights. Which combination of authentication server and authentication protocol is able to best meet this requirement?
A. Cisco Secure ACS server and TACACS+
B. Cisco Secure ACS server and RADIUS
C. Microsoft IAS server and RADIUS
D. Microsoft Windows Domain Controller and Kerberos
Answer: A


QUESTION NO: 35 CORRECT TEXT
Look at the picture.


QUESTION NO: 36
Which two are valid arguments that you can use to convince a business decision maker of the need for network security? (Choose two.)
A. The network should be secured at any expense.
B. Network security products are complex to manage and that makes them hard to penetrate.
C. A high-performance firewall is the only device that is needed to protect businesses.
D. Cisco products can provide end-to-end network protection against current and emerging threats.
E. Organizations that operate vulnerable networks face increasing liability.
Answer: D,E
QUESTION NO: 37
By providing a detailed inspection of traffic in Layers 2 through 7, the Cisco IPS appliance offers which benefit to the customers?
A. effective prevention of distributed denial of service attacks
B. full network access control
C. detection of Internet access misuse by employees
D. prevention of protocol misuse (for example, tunneling through port 80)

Answer: D


QUESTION NO: 38
Which three components should be included in a security policy? (Choose three.)
A. security best practice
B. software specifications
C. security product recommendation
D. identification and authentication policy
E. incident handling procedure
F. statement of authority and scope
Answer: D,E,F
QUESTION NO: 39
What is a benefit of high-performance AIM that is included with Cisco Integrated Services Routers?
A. support of SRTP
B. hardware-accelerated packet inspection engine
C. removable secure credentials
D. hardware-based encryption and compression
Answer: D


QUESTION NO: 40
Which Cisco management product provides a Security Audit wizard?
A. Cisco Adaptive Security Device Manager
B. CiscoWorks VPN/Security Management Solution
C. Cisco Router and Security Device Manager
D. Cisco Security Auditor

Answer: C


QUESTION NO: 41
What is a feature or function of Cisco Security MARS?
A. enforces authorization policies and privileges
B. supports AAA user login authentication
C. determines security incidents based on device messages, events, and sessions
D. configures, monitors, and troubleshoots Cisco security products
Answer: C


QUESTION NO: 42 DRAG DROP
Look at the picture.

Answer:


QUESTION NO: 43
Self-Defending Network is the Cisco vision for security systems. What is the purpose of the Cisco Secure ACS server?
A. anomaly detection
B. secure connectivity
C. identity management
D. security management
Answer: C


QUESTION NO: 44
Which two features work together to provide Anti-X defense? (Choose two.)
A. enhanced application inspection engines
B. enhanced security state assessment
C. network security event correlation
D. Cisco IPS version 5.0 technology
E. Cisco IOS AutoSecure
Answer: A,D
QUESTION NO: 45
Which Cisco security product can be used to perform a Security Posture Assessment of client workstations?
A. NAC Appliance Manager (NAM)
B. Cisco Trust Agent
C. Cisco Easy VPN Client
D. Cisco Security Agent
Answer: B


QUESTION NO: 46
In which two ways does 802.1x benefit businesses in terms of trust and identity? (Choose two.)
A. allows a user-based policy to be dynamically applied to switched ports
B. identifies which client is consuming how much bandwidth
C. stops malicious code from entering the network
D. probes client devices for compliance
E. prevents any unauthorized device from connecting
Answer: A,E


QUESTION NO: 47
What are two beneficial functions of the CiscoWorks VPN/Security Management Solution? (Choose two.)
A. provides functions for monitoring and troubleshooting the health and performance of security devices
B. performs real-time monitoring of site-to-site VPN, remote-access VPN, firewall, and IPS services
C. detects, locates, and mitigates rogue access points
D. performs monitoring and tracking of network response time and availability
E. performs dynamic visualization for fast and intuitive threat identification, tracking, and analysis
Answer: A,B
QUESTION NO: 48
Which three Cisco security products help to prevent application misuse and abuse? (Choose three.)
A. NAC Appliance (Cisco Clean Access)
B. Cisco Security Agent
C. Cisco IOS FW and IPS
D. Cisco Traffic Anomaly Detector
E. Cisco Trust Agent
F. Cisco ASA 5500 Series Adaptive Security Appliances
Answer: B,C,F


QUESTION NO: 49
What allows Cisco Security Agent to block malicious behavior before damage can occur?
A. correlation of network traffic with signatures
B. scan of downloaded files for malicious code
C. user query and response
D. interception of operating system calls
Answer: D
QUESTION NO: 50 DRAG DROP

Look at the picture.

Answer:


QUESTION NO: 51
What are the two main reasons for customers to implement Cisco Clean Access? (Choose two.)
A. integrated network intelligence for superior event aggregation, reduction, and correlation
B. enforcement of security policies by making compliance a condition of access
C. significant cost savings by automating the process of repairing and updating user machines
D. focus on validated incidents, not investigating isolated events
E. provision of secure remote access
F. implementation of NAC phase 1
Answer: B,C
QUESTION NO: 52
What could be a reason to implement Cisco Security Agent?
A. preventing Day Zero attacks
B. validating policy compliance
C. tracking the Internet usage of employees
D. communicating the host posture validation to a policy server


Answer: A


QUESTION NO: 53
In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve containment and control? (Choose two.)
A. by performing traffic anomaly detection
B. by tracking the state of all network communications
C. by probing end systems for compliance
D. by preventing unauthorized network access
E. by enabling businesses to create secure connections
Answer: B,D
QUESTION NO: 54
Which Cisco IOS feature uses multipoint GRE and the Next Hop Resolution Protocol to create dynamic IPSec tunnels between spoke (branch) sites?
A. V3PN
B. Easy VPN
C. DMVPN
D. Web VPN
Answer: C
QUESTION NO: 55 DRAG DROP
Look at the picture.


Answer:



QUESTION NO: 56
Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network?
A. Cisco Traffic Anomaly Detector
B. Cisco Secure ACS server
C. NAC Appliance (Cisco Clean Access)
D. Cisco Security Agent
Answer: C


QUESTION NO: 57
On the Cisco Security MARS appliance, what is used to facilitate the management of Event, IP, Service and User management?
A. custom parser
B. groups
C. audit trail log
D. signatures
E. rules
Answer: B
QUESTION NO: 58
Refer to the exhibit. Network security is a continuous process that is built around which element?


A. business requirements
B. customer needs
C. corporate security policy
D. security best practice
Answer: C
QUESTION NO: 59 DRAG DROP
Look at the picture.

Answer:




QUESTION NO: 60 DRAG DROP
Look at the picture.

Answer:


QUESTION NO: 61
Andy, a network administrator at SomeCompany Ltd., is installing a new Cisco Security MARS appliance. After powering up the MARS appliance, what is a valid task?
A. Set the IP address of the computer to 192.168.1.100.
B. Telnet to 192.168.1.1 using the username pnadmin and the password pnadmin.
C. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration.
D. Use a Category 5 crossover cable to connect the computer Ethernet port to the MARS eth0 port.
Answer: D


QUESTION NO: 62
Which two features can the USB eToken for Cisco Integrated Services Router be used for? (Choose two.)
A. one-time passwords
B. troubleshooting
C. distribution and storage of VPN credentials
D. secure deployment of configurations
E. command authorization
Answer: C,D
QUESTION NO: 63
When a FWSM is operating in transparent mode, what is true?
A. The FWSM does not support multiple security contexts.
B. The FWSM supports up to 256 VLANs.
C. Each directly connected network must be on the same subnet.
D. Each interface must be on the same VLAN.
Answer: C
QUESTION NO: 64 CORRECT TEXT
Look at the picture.




QUESTION NO: 65
Which two statements about the Firewall Services Module are true? (Choose two.)
A. Up to 1 million simultaneous connections are possible.
B. Two VLAN interfaces connect MSFC and FWSM.
C. Interfaces with the same security level cannot communicate without a translation rule.
D. For traffic from high to low security levels, no access control list is needed.
E. Up to 100 separate security contexts are possible.
Answer: A,E
QUESTION NO: 66
How can you configure a Cisco Security MARS appliance to send notifications via e-mail, pager, syslog, SNMP, or SMS?
A. by creating an event filter
B. by defining the rule "Action"
C. by escalating an incident
D. by running a batch query

Answer: B


QUESTION NO: 67
When implementing a Cisco Integrated Services Router, which feature would you apply to achieve application security?
A. access control lists
B. lock-and-key (dynamic access control lists)
C. Context-based Access Control
D. alerts and audit trails
Answer: C

QUESTION NO: 68
How is Cisco IOS Control Plane Policing achieved?
A. by adding a service-policy to virtual terminal lines and the console port
B. by using AutoQoS to rate-limit the control plane traffic
C. by applying a QoS policy in control plane configuration mode
D. by disabling unused services
E. by rate-limiting the exchange of routing protocol updates
Answer: C


QUESTION NO: 69
What is a valid step when setting up the Cisco Security MARS appliance for data archiving?
A. Specify the remote TFTP server.
B. Specify the remote FTP server.
C. Specify the remote NFS server.
D. Specify the remote CIFS server.
Answer: C
QUESTION NO: 70 DRAG DROP
Look at the picture.

Answer: