- (Exam Topic 3)
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) The eDirectory client must be installed on each client workstation.

1. A. Create NTLM or Kerberos authentication realm and enable transparent user identification
2. B. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
3. C. Create an LDAP authentication realm and disable transparent user identification.
4. D. Deploy a separate eDirectory server: the client IP address is recorded in this server

Correct Answer: AB
Transparently identify users with authentication realms – This option is available when one or more authentication realms are configured to support transparent identification using one of the following authentication servers:
Active Directory – Create an NTLM or Kerberos authentication realm and enable transparent user identification. In addition, you must deploy a separate Active Directory agent such as Cisco’s Context Directory Agent. For more information, see Transparent User Identification with Active Directory.
LDAP – Create an LDAP authentication realm configured as an eDirectory, andenable transparent user identification. For more information, see Transparent User Identification with LDAP.
Details:
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGui

- (Exam Topic 3)
What are two features of NetFlow flow monitoring? (Choose two)

1. A. Can track ingress and egress information
2. B. Include the flow record and the flow importer
3. C. Copies all ingress flow information to an interface
4. D. Does not required packet sampling on interfaces
5. E. Can be used to track multicast, MPLS, or bridged traffic

Correct Answer: AE
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/cfgmpls-netflow

- (Exam Topic 3)
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

1. A. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.
2. B. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.
3. C. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.
4. D. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Correct Answer: B

- (Exam Topic 1)
An MDM provides which two advantages to an organization with regards to device management? (Choose two)

1. A. asset inventory management
2. B. allowed application management
3. C. Active Directory group policy management
4. D. network device management
5. E. critical device management

Correct Answer: AB

- (Exam Topic 3)
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

1. A. Configure Dynamic ARP inspection and add entries in the DHCP snooping database.
2. B. Configure DHCP snooping and set trusted interfaces for all client connections.
3. C. Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.
4. D. Configure DHCP snooping and set a trusted interface for the DHCP server.

Correct Answer: B
Reference: https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuratio