
QUESTION 21

- (Exam Topic 3)
Which Cisco ISE feature helps to detect missing patches and helps with remediation?

Correct Answer: B

QUESTION 22

- (Exam Topic 3)
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

Correct Answer: C
"configure INTRUSION RULES for DNP3" -> The documentation states that enabling INTRUSION RULES is mandatory for CIP to work, and that the required preprocessors (in the Network Analysis Policy, NAP) will be enabled automatically:
"If you want the CIP preprocessor rules listed in the following table to generate events, you MUST enable them. See Setting Intrusion Rule States for information on enabling rules."
"If the Modbus, DNP3, or CIP preprocessor is disabled, and you enable and deploy an intrusion rule that requires one of these preprocessors, the system automatically uses the required preprocessor, with its current settings, although the preprocessor remains disabled in the web interface for the corresponding network analysis policy."
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/scada

QUESTION 23

- (Exam Topic 3)
An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?

Correct Answer: D

QUESTION 24

- (Exam Topic 1)
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

Correct Answer: C
Reference:
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-IntelligentProxy

QUESTION 25

- (Exam Topic 2)
What are two Trojan malware attacks? (Choose two)

Correct Answer: BD