1. Which Cisco security architectural framework helps design secure solutions for the various places in the network (PINs)?
- Cisco SAFE
- Cisco DNA
- Cisco ENFV
- Cisco NGFW
2. Which Cisco SAFE secure domain is concerned with the technologies involving access control, VPNs, and encryption?
- secure services
- security intelligence
- threat defense
- compliance
3. Which component in the AMP architecture makes the intelligent decisions on whether a file is clean, malicious, or unknown?
- AMP Cloud
- Cisco Talos
- AMP Connector
- Cisco Threat Grid
4. According to Gartner, Inc., what are three IPS functions that should be included in a next-generation IPS? (Choose three.)
- real-time contextual awareness
- advanced threat protection
- intelligent security automation
- application-level inspection
- stateful firewall protection
- advanced malware protection
5. Which security service is provided by 802.1x?
- port-based network access control
- malware analysis and protection across the full attack continuum
- malware analysis of files
- protection against emerging threats for Cisco products
6. Which three security concepts in the Cisco SAFE framework are used to evaluate each PIN? (Choose three.)
- compliance
- threat defense
- segmentation
- threat grid
- malware protection
- intrusion prevention
7. Which component of the Cisco SAFE framework consists of a team of security experts who develop threat intelligence that protects against threats for Cisco products?
- Cisco Talos
- Cisco Umbrella
- Cisco Stealthwatch
- Cisco ISE
8. What is a solution for identifying malware through file analysis performed in a controlled and monitored sandbox environment?
- Cisco Threat Grid
- Cisco Umbrella
- Cisco Stealthwatch
- Cisco ISE
9. Which security function is provided by a firewall?
- allows or blocks trafic by performing packet filtering and stateful inspection
- passively monitors network traffic and logs intrusion attacks for security analysis
- passively monitors network traffic and automatically blocks intrusion attacks
- aggregates and correlates threat events, contextual information, and network device performance data
10. What is the default timeout period for initiation of 802.1x authentication before the authenticator with MAB enabled proceeds with MAC authentication bypass?
- 30 seconds
- 90 seconds
- 120 seconds
- 180 seconds
11. Which two Cisco solutions are used by Cisco Web Security Appliance for real-time threat intelligence to protect against the latest threats? (Choose two.)
- Cisco Talos
- Cisco AMP
- Cisco Umbrella
- Cisco ISE
- Cisco Threat Grid
12. Which place in the network (PIN) typically contains the critical information assets and intellectual property of an organization?
- data center
- edge
- branch
- WAN
13. Which three threat protection capabilities are provided by Cisco ESA? (Choose three.)
- spam protection
- forged email detection
- phishing protection
- cloud access security
- Layer 4 traffic monitoring
- web filtering
“Do I Know This Already?” Quiz Answers:
1. The Cisco security architectural framework is known as ______.
- Cisco SEAF
- Cisco Threat Grid
- Cisco SAFE
- Cisco Validated Designs
2. Which of the following are Cisco SAFE’s PINs in the network? (Choose all that apply.)
- Internet
- Data center
- Branch office
- Edge
- Campus
- Cloud
- WAN
3. Cisco SAFE includes which of the following secure domains? (Choose all that apply.)
- Threat defense
- Segmentation
- Segregation
- Compliance
4. Which of the following is the Cisco threat intelligence organization?
- Cisco Stealthwatch
- Cisco Threat Grid
- Cisco Talos
- Cisco Threat Research, Analysis, and Communications (TRAC) team
5. What is the Threat Grid?
- The Cisco threat intelligence organization
- The Cisco sandbox malware analysis solution
- The Cisco security framework
- An aggregator of network telemetry data
6. Which of the following relies on NetFlow data for security analysis?
- Cisco WSA
- Cisco Stealthwatch
- Cisco Talos
- Cisco Threat Grid
7. True or false: Without Cisco ISE, it would not be possible to implement pxGrid.
- True
- False
8. Which of the following EAP methods supports EAP chaining?
- EAP-TTLS
- EAP-FAST
- EAP-GTC
- PEAP
9. True or false: SGT tags extend all the way down to the endpoints.
- True
- False
10. Which of the following three phases are defined by Cisco TrustSec? (Choose all that apply.)
- Classification
- Enforcement
- Distribution
- Aggregation
- Propagation