- (Exam Topic 1)
Which two capabilities does TAXII support? (Choose two)

1. A. Exchange
2. B. Pull messaging
3. C. Binding
4. D. Correlation
5. E. Mitigating

Correct Answer: AB
The Trusted Automated eXchangeof Indicator Information (TAXII) specifies mechanisms for exchangingstructured cyber threat information between parties over the network.TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information.TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilitiesthat this version of TAXII supports: push messaging, pull messaging, and discovery.Although there is no “binding” capability in the list but it is the best answer here.

- (Exam Topic 3)
A company identified a phishing vulnerability during a pentest What are two ways the company can protect employees from the attack? (Choose two.)

1. A. using Cisco Umbrella
2. B. using Cisco ESA
3. C. using Cisco FTD
4. D. using an inline IPS/IDS in the network
5. E. using Cisco ISE

Correct Answer: AB

- (Exam Topic 2)
Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

1. A. configure manager add DONTRESOLVE kregistration key>
2. B. configure manager add <FMC IP address> <registration key> 16
3. C. configure manager add DONTRESOLVE <registration key> FTD123
4. D. configure manager add <FMC IP address> <registration key>

Correct Answer: D
Reference: https://cyruslab.net/2019/09/03/ciscocisco-firepower-lab-setup/

- (Exam Topic 2)
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network
is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

1. A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
2. B. The file is queued for upload when connectivity is restored.
3. C. The file upload is abandoned.
4. D. The ESA immediately makes another attempt to upload the file.

Correct Answer: C
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118796-technoteesa-00.htmlIn this question, it stated “the network is congested” (not the file analysis server was overloaded) so theappliance will not try to upload the file again.

- (Exam Topic 2)
Which two cryptographic algorithms are used with IPsec? (Choose two)

1. A. AES-BAC
2. B. AES-ABC
3. C. HMAC-SHA1/SHA2
4. D. Triple AMC-CBC
5. E. AES-CBC

Correct Answer: CE
Cryptographic algorithms defined for use with IPsec include:+ HMAC-SHA1/SHA2 for integrity protection and authenticity.+ TripleDES-CBC for confidentiality+ AES-CBC and AES-CTR for confidentiality.+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.