- (Exam Topic 1)
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)

1. A. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
2. B. single sign-on access to on-premises and cloud applications
3. C. integration with 802.1x security using native Microsoft Windows supplicant
4. D. secure access to on-premises and cloud applications
5. E. identification and correction of application vulnerabilities before allowing access to resources

Correct Answer: AD
Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using asecond factor (like your phone or other mobile device) prevents anyone but you from logging in, even if theyknow your password.Note: Single sign-on (SSO) is a property of identity and access management that enables users to securelyauthenticate with multiple applications and websites by logging in only once with just one set of credentials(username and password). With SSO, the application or website that the user is trying to access relies on atrusted third party to verify that users are who they say they are.

- (Exam Topic 3)
A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

1. A. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy
2. B. Make the priority for the new policy 5 and the primary policy 1
3. C. Change the encryption to AES* to support all AES algorithms in the primary policy
4. D. Make the priority for the primary policy 10 and the new policy 1

Correct Answer: B
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html

- (Exam Topic 2)
What is the role of an endpoint in protecting a user from a phishing attack?

1. A. Use Cisco Stealthwatch and Cisco ISE Integration.
2. B. Utilize 802.1X network security to ensure unauthorized access to resources.
3. C. Use machine learning models to help identify anomalies and determine expected sending behavior.
4. D. Ensure that antivirus and anti malware software is up to date

Correct Answer: C

- (Exam Topic 3)
Refer to the exhibit.

Which configuration item makes it possible to have the AAA session on the network?

1. A. aaa authentication login console ise
2. B. aaa authentication enable default enable
3. C. aaa authorization network default group ise
4. D. aaa authorization exec default ise

Correct Answer: C

- (Exam Topic 3)
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)

1. A. Cisco Cloud Director
2. B. Cisco Prime Infrastructure
3. C. PowerOn Auto Provisioning
4. D. Seed IP
5. E. CDP AutoDiscovery

Correct Answer: CD