- (Exam Topic 2)
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

1. A. It allows multiple security products to share information and work together to enhance security posture in the network.
2. B. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.
3. C. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.
4. D. It integrates with third-party products to provide better visibility throughout the network.
5. E. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Correct Answer: CE
Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/trustsec-witheasy-connect-c

- (Exam Topic 1)
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

1. A. blocked ports
2. B. simple custom detections
3. C. command and control
4. D. allowed applications
5. E. URL

Correct Answer: BD
Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists.A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect andquarantine.Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference: https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf

- (Exam Topic 3)
What are two workload security models? (Choose two.)

1. A. SaaS
2. B. PaaS
3. C. off-premises
4. D. on-premises
5. E. IaaS

Correct Answer: CD

- (Exam Topic 1)
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

1. A. Correlation
2. B. Intrusion
3. C. Access Control
4. D. Network Discovery

Correct Answer: D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide-v64/introd

- (Exam Topic 3)
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

1. A. The engineer is attempting to upload a hash created using MD5 instead of SHA-256
2. B. The file being uploaded is incompatible with simple detections and must use advanced detections
3. C. The hash being uploaded is part of a set in an incorrect format
4. D. The engineer is attempting to upload a file instead of a hash

Correct Answer: A