- (Exam Topic 1)
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?

1. A. SAT
2. B. BAT
3. C. HAT
4. D. RAT

Correct Answer: D

- (Exam Topic 2)
In an IaaS cloud services model, which security function is the provider responsible for managing?

1. A. Internet proxy
2. B. firewalling virtual machines
3. C. CASB
4. D. hypervisor OS hardening

Correct Answer: B
In this IaaS model, cloud providers offer resources to users/machines that include computers as virtualmachines, raw (block) storage, firewalls, load balancers, and network devices.Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.

- (Exam Topic 3)
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

1. A. Orchestration
2. B. CI/CD pipeline
3. C. Container
4. D. Security

Correct Answer: B
Reference: https://devops.com/how-to-implement-an-effective-ci-cd-pipeline/

- (Exam Topic 3)
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

1. A. Malware installation
2. B. Command-and-control communication
3. C. Network footprinting
4. D. Data exfiltration

Correct Answer: D
Reference: https://www.netsurion.com/articles/5-types-of-dns-attacks-and-how-to-detect-them

- (Exam Topic 1)
When wired 802.1X authentication is implemented, which two components are required? (Choose two)

1. A. authentication server: Cisco Identity Service Engine
2. B. supplicant: Cisco AnyConnect ISE Posture module
3. C. authenticator: Cisco Catalyst switch
4. D. authenticator: Cisco Identity Services Engine
5. E. authentication server: Cisco Prime Infrastructure

Correct Answer: AC