Jump to content

ccnpexam18

Members
  • Content Count

    1
  • Joined

  • Last visited

Everything posted by ccnpexam18

  1. First of all congratulation, CCSP2020. Well done and thanks a lot for your feedback. You are 100% correct that the correct answer should be B - Supplicant. An 802.1X authentication can be initiated by either the switch or the supplicant. (As we know, switch is not an endpoint agent). But Supplicant—A client that runs on the endpoint and submits credentials for authentication. Here is a confirmation: [Hidden Content]
  2. According to Cisco Press it will be published on Oct. 6, 2020: [Hidden Content] So we will have to wait a little bit, till it becomes available and will be uploaded for free somewhere...
  3. Here is the link to download the 80q dumps. I've not checked the questions yet (there might be mistakes) and don't know if they are valid... [hide][Hidden Content]] Make use of Hide Tag while posting download links. Usage: [ hide ] link [ /hide ] (without spaces). Read the Board Rules or get banned.
  4. BTW regarding the 1st D&D(about Next Generation Intrusion Prevention System, Advanced Malware, application control and URL filtering, Cisco Web security and their descriptions.), you may look at Firepower licensing and its description what is included and so on: Threat license is used for IPS. Malware license is for AMP. Here is the link to all licenses that should help you to understand better the product and its features and to answer that D&D: [Hidden Content] For more info about WSA (which is web-proxy) you can check: [Hidden Content]
  5. Yes, the number is the same Yes, you should have exactly the same questions. You don't know what to do, just study! Review the dumps, double check all the questions, maybe you will find additional wrong answers as I did. It was the easiest way to study, when you search and double check the questions, that's how you are going to remember all of them. There are 4 D&D: Question 25 Question 28 Question 44 Question 67 As I already wrote the drag and drops I had: 1. about Next Generation Intrusion Prevention System, Advanced Malware, application control and URL filtering, Cisco Web security and their descriptions. Nothing difficult, just their description. I don't remember the exact answers, but for example URL filtering - you connect to allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts. So this D&D is not difficult. 2. IKEv1 vs IKEv2 So for IKEv1 you should select these two options: Main mode and Aggressive mode (the number of needed exchanged messages for Main mode and Aggressive mode): [Hidden Content] for IKEv2 you select: NAT-T, EAP and required number of exchange messages (should be 4) 3. Description of PortScans: Portscan Detection - A one-to-one portscan in which an attacker uses one or a few hosts to scan multiple ports on a single target host. Port Sweep - A one-to-many portsweep in which an attacker uses one or a few hosts to scan a single port on multiple target hosts. Decoy Portscan - A one-to-one portscan in which the attacker mixes spoofed source IP addresses with the actual scanning IP address. Distributed Portscan - A many-to-one portscan in which multiple hosts query a single host for open ports. Table 3: [Hidden Content] 4. the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services. Pay attention exactly to 'Installation' section of this document [Hidden Content] I have nothing to add to D&D, everything I remember I wrote.
  6. Same number as the dumps (102 questions).
  7. R2013 , there are only 4 D&D. Please, review my message above, where I described them. In my exam I haven’t had any additional D&D or questions beside the questions in the dump.
  8. And I think, here is one more error: QUESTION 88 What provides visibility and awareness into what is currently occurring on the network? A. CMX B. WMI C. Prime Infrastructure D. Telemetry Correct Answer: D Telemetry- Information and/or data that provides awareness and visibility into what is occurring on the network at any given time from networking devices, appliances, applications or servers in which the core function of the device is not to generate security alerts designed to detect unwanted or malicious activity from computer networks. [Hidden Content]
  9. Hello, Yes, dumps are valid (just pay attention to the errors, that I found) and you will be able to pass the exam. Drag and drops I had: 1. about Next Generation Intrusion Prevention System, Advanced Malware, application control and URL filtering, Cisco Web security and their descriptions. Nothing difficult, just their description. 2. IKEv1 vs IKEv2 So for IKEv1 you should select these two options: Main mode and Aggressive mode (the number of needed exchanged messages for Main mode and Aggressive mode): [Hidden Content] for IKEv2 you select: NAT-T, EAP and required number of exchange messages (should be 4) 3. Description of PortScans: Portscan Detection - A one-to-one portscan in which an attacker uses one or a few hosts to scan multiple ports on a single target host. Port Sweep - A one-to-many portsweep in which an attacker uses one or a few hosts to scan a single port on multiple target hosts. Decoy Portscan - A one-to-one portscan in which the attacker mixes spoofed source IP addresses with the actual scanning IP address. Distributed Portscan - A many-to-one portscan in which multiple hosts query a single host for open ports. Table 3: [Hidden Content] 4. the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services. Pay attention exactly to 'Installation' section of this document [Hidden Content]
  10. One more mistake: QUESTION 12 Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.) A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device. C. The IPsec configuration that is set up on the active device must be duplicated on the standby device. D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically. E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device. Correct Answer: CE (according to the dumps BC) Confirmation: "Both the active and standby devices must run the identical version of the Cisco IOS software, and both the active and standby devices must be connected via a hub or switch." [Hidden Content]
  11. Hello everyone, I reviewed the dumps and found these errors: QUESTION 1 Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System? A. security intelligence B. impact flags C. health monitoring D. URL filtering Correct Answer: should be B (according to the dumps it’s A) B is correct, because 1st of all: Security Intelligence, Health monitoring and URL filtering are not related to IPS. 2nd reason, we use Network discovery data (to understand what vulnerabilities you have in your network) for IPS, so when there is an attack we understand the impact flag (is the attack danger to your network). Let’s say you have only Windows devices in your network, if there is an attack related to MAC OS/Android/iOS, the impact flag is low, because, you don’t have such vulnerabilities in your network. “The impact level in this field indicates the correlation between intrusion data, network discovery data, and vulnerability information.” [Hidden Content] Question 5 Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab? A. show authentication registrations B. show authentication method C. show dot1x all D. show authentication sessions Correct Answer: should be D (according to dumps it’s B) Here is a confirmation: [Hidden Content] The following example shows how to display all authentication sessions on the switch: Device# show authentication sessions Interface MAC Address Method Domain Status Session ID Gi1/48 0015.63b0.f676 dot1x DATA Authz Success 0A3462B1000000102983C05C Gi1/5 000f.23c4.a401 mab DATA Authz Success 0A3462B10000000D24F80B58 Gi1/5 0014.bf5d.d26d dot1x DATA Authz Success 0A3462B10000000E29811B94 QUESTION 15 Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities? A. user input validation in a web page or web application B. Linux and Windows operating systems C. database D. web page images Correct Answer: A should be the correct answer because we exploit the input vulnerabilities of a web page (we don’t check what should be the actual input): SQL injection is the placement of malicious code in SQL statements, via web page input. [Hidden Content] QUESTION 27 What are the two most commonly used authentication factors in multifactor authentication? (Choose two.) A. biometric factor B. time factor C. confidentiality factor D. knowledge factor E. encryption factor Correct Answer: Should be BD (there are no biometric, confidentiality and encryption factors). There are (factor and example): Time(access in time range), Knowledge (password), Location (access from different locations), Possession (token), Inherence (fingerprints) factors: [Hidden Content] QUESTION 36 An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing? A. Ensure that the client computers are pointing to the on-premises DNS servers. B. Enable the Intelligent Proxy to validate that traffic is being routed correctly. C. Add the public IP address that the client computers are behind to a Core Identity. D. Browse to [Hidden Content] to validate that the new identity is working. Correct Answer: D Verify that your DNS connections are routed through Cisco Umbrella's global network by navigating to the following page in your client's browser: [Hidden Content]. You should see the Welcome to Umbrella page. Note: You may need to restart your client's network interface or your computer. [Hidden Content] QUESTION 41 For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.) A. computer identity B. Windows service C. user identity D. Windows firewall E. default browser Correct Answer: BD Confirmation: "The Firewall condition checks if a specific Firewall product is running on an endpoint." [Hidden Content] QUESTION 96 The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network? A. SDN controller and the cloud B. management console and the SDN controller C. management console and the cloud D. SDN controller and the management solution Correct answer should be A Northbound APIs that relay information between the controller and the applications and policy engines, to which an SDN looks like a single logical network device [Hidden Content] So we don't have answer applications!!! but I found here: The Northbound API makes the control information of the network available to higher instance abstractions such as applications. They could be traditional network services such as firewalls or load balancers or orchestration across cloud resources (storage, compute and network) like OpenStack. [Hidden Content] That's why I think SDN controller and the cloud should be the correct answer Please, let me know what do you think and share the errors that you found
  12. Could anyone share any valid dumps for SCOR 350-701 CCNP Security/CCIE? Thank you in advance.
×
×
  • Create New...