思科网络工程师题库2.pdf
《思科网络工程师题库2.pdf》由会员分享,可在线阅读,更多相关《思科网络工程师题库2.pdf(109页珍藏版)》请在得力文库 - 分享文档赚钱的网站上搜索。
1、CCNP/CCIE SecuritySCOR思科网络工程师题库2Ql.What can be integrated with Cisco Threat Intelligence Director to provide informationabout security threats,which allows the SOC to proactively automate responses to thosethreats?A.Cisco UmbrellaB.External Threat FeedsC.Cisco Threat GridD.Cisco StealthwatchAnswer:C
2、Explanation:Cisco Threat Intelligence Director(CTID)can be integrated with existing Threat IntelligencePlatforms deployed by your organization to ingest threat intelligence automatically.Reference:https:/ ctorQ2.Which solution combines Cisco IOS and IOS XE components to enable administrators torecog
3、nize applications,collect and send network metrics to Cisco Prime and other third-partymanagement tools,and prioritize application traffic?A.Cisco Security IntelligenceB.Cisco Application Visibility and ControlC.Cisco Model Driven TelemetryD.Cisco DNA CenterAnswer:BExplanation:The Cisco Application
4、Visibility and Control(AVC)solution leverages multiple technologies torecognize,analyze,and control over 1000 applications,including voice and video,email,filesharing,gaming,peer-to-peer(P2P),and cloud-based applications.AVC combines severalCisco IOS/IOS XE components,as well as communicating with e
5、xternal tools,to integrate thefollowing functions into a powerful solution.Reference:https:/ erview.h tmlQ3.Which two activities can be done using Cisco DNA Center?(Choose two)A.DHCPB.DesignC.AccountingD.DNSE.ProvisionAnswer:BEExplanation:Cisco DNA Center has four general sections aligned to IT work
6、flows:Design:Design your network for consistent configurations by device and by site.Physicalmaps and logical topologies help provide quick visual reference.The direct import featurebrings in existing maps,images,and topologies directly from Cisco Prime Infrastructure andthe Cisco Application Policy
7、 Infrastructure Controller Enterprise Module(APIC-EM),makingupgrades easy and quick.Device configurations by site can be consolidated in a goldenimage that can be used to automatically provision new network devices.These new devicescan either be pre-staged by associating the device details and mappi
8、ng to a site.Or they canbe claimed upon connection and mapped to the site.Policy:Translate business intent intonetwork policies and apply those policies,such as access control,traffic routing,and qualityof service,consistently over the entire wired and wireless infrastructure.Policy-based accesscont
9、rol and network segmentation is a critical function of the Cisco Software-Defined Access(SD-Access)solution built from Cisco DNA Center and Cisco Identity Services Engine(ISE).Cisco Al Network Analytics and Cisco Group-Based Policy Analytics running in the Cisco DNACenter identify endpoints,group si
10、milar endpoints,and determine group communicationbehavior.Cisco DNA Center then facilitates creating policies that determine the form ofcommunication allowed between and within members of each group.ISE then activates theunderlying infrastructure and segments the network creating a virtual overlay t
11、o follow thesepolicies consistently.Such segmenting implements zero-trust security in the workplace,reduces risk,contains threats,and helps verify regulatory compliance by giving endpoints justthe right level of access they need.Provision:Once you have created policies in Cisco DNA Center,provisioni
12、ng is a simpledrag-and-drop task.The profiles(called scalable group tags or SGTs)in the Cisco DNACenter inventory list are assigned a policy,and this policy will always follow the identity.Theprocess is completely automated and zero-touch.New devices added to the network areassigned to an SGT based
13、on identity-greatly facilitating remote office setups.Assurance:Cisco DNA Assurance,using AI/ML,enables every point on the network to becomea sensor,sending continuous streaming telemetry on application performance and userconnectivity in real time.The clean and simple dashboard shows detailed netwo
14、rk health andflags issues.Then,guided remediation automates resolution to keep your network performingat its optimal with less mundane troubleshooting work.The outcome is a consistentexperience and proactive optimization of your network,with less time spent ontroubleshooting tasks.Reference:https:/w
15、ww.cisco.eom/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-ce nter-so-cte-en.htmlQ4.What must be used to share data between multiple security products?A.Cisco Rapid Threat ContainmentB.Cisco Platform Exchange GridC.Cisco Advanced Malware ProtectionD.Cisco Stealthwatch Clo
16、udAnswer:BQ5.Which Cisco product is open,scalable,and built on IETF standards to allow multiplesecurity products from Cisco and other vendors to share data and interoperate with eachother?A.Advanced Malware ProtectionB.Platform Exchange GridC.Multifactor Platform IntegrationD.Firepower Threat Defens
17、eAnswer:BExplanation:With Cisco pxGrid(Platform Exchange Grid),your multiple security products can now sharedata and work together.This open,scalable,and IETF standards-driven platform helps youautomate security to get answers and contain threats faster.Q6.What is a feature of the open platform capa
18、bilities of Cisco DNA Center?A.intent-based APIsB.automation adaptersC.domain integrationD.application adaptersAnswer:AQ7.What is the function of the Context Directory Agent?A.maintains users group membershipsB.relays user authentication requests from Web Security Appliance to Active DirectoryC.read
19、s the Active Directory logs to map IP addresses to usernamesD.accepts user authentication requests on behalf of Web Security Appliance for useridentificationAnswer:CExplanation:Cisco Context Directory Agent(CDA)is a mechanism that maps IP Addresses to usernamesin order to allow security gateways to
20、understand which user is using which IP Address in thenetwork,so those security gateways can now make decisions based on those users(or thegroups to which the users belong to).CDA runs on a Cisco Linux machine;monitors in real time a collection of Active Directorydomain controller(DC)machines for au
21、thentication-related events that generally indicateuser logins;learns,analyzes,and caches mappings of IP Addresses and user identities in itsdatabase;and makes the latest mappings available to its consumer devices.Reference:https:/www.cisco.eom/c/en/us/td/docs/security/ibf/cda_10/lnstall_Config_guid
22、e/cdal0/cda_ovevi w.htmlQ8.What is a characteristic of a bridge group in ASA Firewall transparent mode?A.It includes multiple interfaces and access rules between interfaces are customizableB.It is a Layer 3 segment and includes one port and customizable access rulesC.It allows ARP traffic with a sin
23、gle access ruleD.It has an IP address on its BVI interface and is used for management traffic Answer:AExplanation:A bridge group is a group of interfaces that the ASA bridges instead of routes.Bridge groupsare only supported in Transparent Firewall Mode.Like any other firewall interfaces,accesscontr
24、ol between interfaces is controlled,and all of the usual firewall checks are in place.Eachbridge group includes a Bridge Virtual Interface(BVI).The ASA uses the BVI IP address as thesource address for packets originating from the bridge group.The BVI IP address must be onthe same subnet as the bridg
25、e group member interfaces.The BVI does not support traffic onsecondary networks;only traffic on the same network as the BVI IP address is supported.Youcan include multiple interfaces per bridge group.If you use more than 2 interfaces per bridgegroup,you can control communication between multiple seg
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 思科 网络工程师 题库
限制150内