500-651 Practice Questions

500-651 (61 Questions)
Number: 500-651
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
Vendor: Cisco
Exam Code: 500-651
Exam Name: Advanced Security Architecture for Systems Engineers (ASASE)
Innovior ITTech
Q&A
Advanced Security Architecture for Systems Engineers (ASASE)

500-651
(61 Questions)
http://www.facebook.com/InnoviorITTech
We Offer Free Update Service

For One Year.
QUESTION 1
Which Cisco product included in the Endpoint threat-centric solution?
A. Umbrella
B. ASAv
C. Meraki MX
D. Cloudlock
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which feature of Cisco AnyConnect allows pre-login authentication using windows machines, or single sign-on
user authentication using Windows logon credentials?
A. Secure Layer-2 Network Access

B. Flexible AAA Options
C. Differentiated Mobile Access
D. Trusted Network Detection
Correct Answer: A
Section: (none)
Explanation
QUESTION 3
Which Stealthwatch component is a physical or virtual appliance that aggrages and normalizes NetFlow data?
A. Investigate
B. Stealthwatch Management Center
C. Flow Collector
D. UOP Director
Correct Answer: C
Section: (none)
Explanation
QUESTION 4
Which is a main element of FirePOWER Device Manager?
A. On-box, Web-based management

B. Streamlined user experience
C. Simplified interface
D. Cloud-based policy orchestration
Correct Answer: A
Section: (none)
Explanation
QUESTION 5
How is Cisco Security able to dynamically add IP addresses of known malware domains to its list of ports to
detect and block?
A. Reputation Filtering
B. Layer-4 Monitoring
C. Data Loss Prevention
D. URL Filtering
Correct Answer: A
Section: (none)
Explanation
QUESTION 6
Which feature discovers and controls malicious cloud apps connected to the corporate environment?
A. Umbrella
B. Cognitive Threat Analytics
C. Cloudlock
D. Investigate
Correct Answer: C
Section: (none)
Explanation
QUESTION 7
Which two Cisco products are a part of the "endpoints" threat-centric solution module? (Choose two.)
A. Cisco Umbrella
B. Cisco Defense Orchestrator
C. Cisco VPN 3000
D. Cisco Stealthwatch
E. Cisco AMP for Endpoints
Correct Answer: AE
Section: (none)
Explanation
QUESTION 8
Which two features are part of the ISE Plus license? (Choose two.)
A. Threat Centric NAC

B. Profiling and feed services
C. Guest management
D. Cisco pxGrid
E. Basic network Access AAA. 802 IX
Correct Answer: BD
Section: (none)
Explanation
QUESTION 9
Which feature of Cisco Web Security leverages the Outbreak Intelligence Engine to scan individual pieces of
websites before allowing access?
A. Antivirus Monitoring
B. Dynamic Content Analysis
C. Real-time Sandboxing Analysis
D. Visibility control
Correct Answer: C
Section: (none)
Explanation
QUESTION 10
Which is a feature mentioned in the DNS security module?
A. Layer-4 monitoring
B. Umbrella
C. Real-time sandboxing
D. Data Loss Prevention
Correct Answer: B
Section: (none)
Explanation
QUESTION 11
How many web requests does Talos process per month?
A. 1.5 million
B. 100,000
C. 130 billion
D. 130 million
Correct Answer: C
Section: (none)
Explanation
QUESTION 12
Which license subscription terms are available for AMP licensing?
A. 1 month, 3 months, 6 months

B. 1 year, 5 years, 10 years
C. 5 years, 10 years, 30 years
D. 1 year, 3 years, 6 years
Correct Answer: D
Section: (none)
Explanation
QUESTION 13
Which two Cisco solution are part of the Mobile threat centric solution? (Choose two.)
A. Cisco AnyConnect
B. Cisco Umbrella
C. Cisco NGFW
D. Cisco NGIPS
E. Cisco Defense Orchestrator
Correct Answer: AB
Section: (none)
Explanation
QUESTION 14
How does AMP's device trajectory capabilities help address customer's issues?
A. It determines the scope and cause of an outbreak and tracks suspicious files.
B. It searches for potential threats based on identified activities and behaviors.
C. It isolates suspicious files and runs them in a sandbox environment to determine their authenticity.
D. It analyses the data from suspicious files to provide a new level of threat intelligence.
Correct Answer: C
Section: (none)
Explanation
QUESTION 15
Which feature of CTA can separate statistically normal traffic form anomalous traffic?
A. URL filtering
B. Trust modeling
C. Anomaly detection
D. Event classification
Correct Answer: C
Section: (none)
Explanation
QUESTION 16
Which is a Cisco solution feasures retrospective security?
A. AMP for Endpoint

C. Umbrella
D. Investigate
Correct Answer: A
Section: (none)
Explanation
QUESTION 17
Which Cisco Product is integrated with the AnyConnect Web Security Module?
A. Cisco Stealthwatch
C. Cisco Cloud Web Security
D. Cisco Email Security Appliance
Correct Answer: C
Section: (none)
Explanation
QUESTION 18
Which are two main features of Intrusion Prevention? (Choose two.)
A. Threat analysis through network behavior analysis

B. Protecting against Zero-Day attacks
C. Layer-4 traffic monitoring across platforms
D. Vulnerability-based threat management
Correct Answer: AD
Section: (none)
Explanation
QUESTION 19
Which are two key Cisco benefits of the web threat-centric solution? (Choose two.)
A. Data Loss Prevention with NGFW

B. Endpoint device profiling with ISE
C. E-mail encryption with CRES
D. Malware blocking with AMP
E. Rogue web application protection through CTA
Correct Answer: DE
Section: (none)
Explanation
QUESTION 20
Which three malware categories does real-time Malware Scanning protect you from? (Choose three)
A. Antivirus Monitoring
B. Adware
C. Trojan Downloader
D. Outbreak Filters
E. Web Reputation
F. Phishing URL
Correct Answer: BCF

Section: (none)
Explanation
QUESTION 21
Which feature of ISE is Terminal Access Control System (TACACS) a part of?
A. Device Administration
B. Device Profiling
C. Centralized policy management
D. Guest access management
Correct Answer: A
Section: (none)
Explanation
QUESTION 22
Which feature of AMP tracks the movement of a file within the environment and monitors its disposition over
time?
A. Trajectory
B. Fuzzy Fingerprinting
C. Machine Learning
D. Threat Grid
Correct Answer: A
Section: (none)
Explanation
QUESTION 23
Which three options are attack vectors protected by Email Security? (Choose three.)
A. Endpoints
B. Offline Devices
C. Mobile
D. E-mail
E. Voicemail
F. Backups
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 24
Which product was covered in the Cisco Cloud App Security module?
A. Cisco NGFW
C. Cisco AMP
D. Cloud Cloudlock
Correct Answer: D
Section: (none)
Explanation
QUESTION 25
Which are two main features of ASAv and NGFWv? (Choose two.)
A. File trajectory
B. API-based management
C. File reputation
D. Agile provisioning
Correct Answer: BD
Section: (none)
Explanation
QUESTION 26
Which TrustSec feature allows customers to simplify firewall administration, avoiding the common rule
explosions that happen when new servers?
A. Firewall administration
B. Push policies
C. Traffic tagging
D. Regulate access
Correct Answer: C
Section: (none)
Explanation
QUESTION 27
Which Cisco solution features recursive DNS capabilities?
A. Cisco Defense Orchstrator

B. Identity Services Engine
C. Umbrella
D. Cognitive Threat Analytics
Correct Answer: C
Section: (none)
Explanation
QUESTION 28
Which is a key feature that Advanced Malware Protection provides?
A. Dynamic Content Analysis

B. Reputation Analytics
C. Retrospective Security
D. Dynamic URL Filtering
Correct Answer: A
Section: (none)
Explanation
QUESTION 29
Which are three main features of the Meraki MX discussed in Cloud App Security module? (Choose three.)
A. Cloud-Brokered VPN
B. Posture Assessment
C. Intrusion Prevention
D. Email Security
E. Profiling
F. Next Generation Firewall
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 30
Which Cisco solution falls under cloud security?
A. Umbrella
C. Firepower Threat Defense
D. Cisco Defense Orchestrator
Correct Answer: A
Section: (none)
Explanation
QUESTION 31
Which Cisco solution falls under Advanced Threat?
A. Umbrella
C. Stealthwatch
D. Threat Grid
Correct Answer: C
Section: (none)
Explanation
QUESTION 32
Which three are deployment options for E-mail Security? (Choose three.)
A. ESA
B. CES
C. WSAv
D. AMP
E. ESAv
F. WebRoot
Correct Answer: ABE
Section: (none)
Explanation
QUESTION 33
Which feature of Cisco ISE uses Cisco TrustSec Security Group Tags 10 edit networks dynamically rather than
with VLANs?
A. Device profiting and onboarding

B. Role and device segmentation
C. Guest Access
D. Secure remote access
Correct Answer: B
Section: (none)
Explanation
QUESTION 34
Employee-sponsored network access, guest access, and activity tracking are contributors to which feature of
ISE?
A. Device profiting
B. Context-aware access
C. Guest access management
D. Platform exchange grid
Correct Answer: C
Section: (none)
Explanation
QUESTION 35
Which is a security product that was covered in the Policy and access security module?
A. Cisco NFGW
B. Cisco Identity Services Engine
C. Cisco NGIPS
Correct Answer: B
Section: (none)
Explanation
QUESTION 36
Which two options are attack vectors of the threat-centric defense? (Choose two.)
A. Voicemail
B. Backups
C. Mobile
D. Video surveillance
E. Cloud apps
Correct Answer: CE
Section: (none)
Explanation
QUESTION 37
Which are two key Cisco products that are part of the web threat-centric solution? (Choose two.)
A. Cisco Defense Orchestrator

B. Cisco Umbrella
C. Cisco Identity Services Engine
D. Cisco Web Security Appliance
E. Cisco Email Security Appliance
Correct Answer: BD
Section: (none)
Explanation
QUESTION 38
Which is a Cisco recommended driver for network security?
A. Offer a threat-foe used security solution.

B. Provide automated impact assessment.
C. Focus on point products.
D. Assign central, role-based management.
Correct Answer: A
Section: (none)
Explanation
QUESTION 39
Which feature of ISE combines user identification with robust context sharing platform to prevent inappropriate
access?
A. Centralized policy management

B. Context-aware access
C. Patch management
D. Platform exchange grid
Correct Answer: B
Section: (none)
Explanation
QUESTION 40
Which three options are attack vectors protected by Web Security? (Choose three.)
A. Endpoints
B. Mobile
C. Offline Devices
D. Backups
E. Voicemail
F. Web
Correct Answer: ABF

Section: (none)
Explanation
QUESTION 41
What is key feature of Cognitive Threat Analytics?
A. It enables safe email usage with event Analytics.

B. It improves threat detection over time with machine learning.
C. It enhances anonymity with URL filtering.
D. It enables greater endpoint device profiling intelligence with entity modeling.
Correct Answer: B
Section: (none)
Explanation
QUESTION 42
What two challenges do customers face in their Campus and Branch deployments? (Choose two.)
A. Securing the entire infrastructure

B. Stopping data breaches across campuses and branches
C. Protect data across multiple cloud applications
D. Monitoring file behavior across a large set of endpoints
E. Understanding what our users are doing online
Correct Answer: AB
Section: (none)
Explanation
QUESTION 43
Which are two main features of Advanced Malware Protection? (Choose two.)
A. Rapid App Containment

B. Leverages Global Threat Intelligence to provide zero-day protection
C. Threat protection across the entire attack continuum
D. User and Entity Behavior Analytics
Correct Answer: BC
Section: (none)
Explanation
QUESTION 44
Which three Cisco solutions are covered in the Advanced Threat module? (Choose three.)
A. Cognitive Threat Analytics

B. Intrusion Analytics
C. AMP
E. NGIPS
F. Cisco Threat Grid
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 45
Which are two main features of FirePOWER Threat Defense? (Choose two.)
A. Unify Images for more intuitive interface management

B. Provide malware detection score foe additional analytics
C. Deliver Data Loss Prevention through the virtual lock
D. Offer intuitive interface including new management options and control
Correct Answer: AD
Section: (none)
Explanation
QUESTION 46
Which two options are attack vectors protected by Identity and Access Control? (Choose two.)
A. Backups
B. Mobile
C. Endpoints
D. Cloud apps
E. Voicemail
Correct Answer: BC
Section: (none)
Explanation
QUESTION 47
Which options describes how Cisco solutions enable customer's businesses?
A. Enhancing remediation operations.

B. Having the fastest threat identification.
C. Automating the security intelligence updates.
D. Their ability to keep customers networks more secure and make IT more productive.
Correct Answer: D
Section: (none)
Explanation
QUESTION 48
Which is a component of Cisco's Web and E-mail Security Solution?
A. Device Profiling
B. Next Generation Intrusion Prevention System
C. Next Generation Firewall
D. DNS-Layer security
Correct Answer: B
Section: (none)
Explanation
QUESTION 49
Which AMP feature is provided by fuzzy fingerprinting?
A. Identifies specific instances of malware with a signature-based approach

B. Automatically detects polymorphic variants of known malware
C. Provides recursive DNS lookup services
D. Identifies new malware using statistical modeling and analytics engines
Correct Answer: B
Section: (none)
Explanation
QUESTION 50
What is a main benefit of Cisco's Clouldlock Data Loss Prevention feature?
A. Reduces cost with easy implementation and installation

B. Provides in depth cloud app analytics and tracking
C. Allow organizations to retroactively identify malware within their environment
D. Includes 70+ out of the box policies for enforcement, such as PCI, HIPAA, etc
Correct Answer: D
Section: (none)
Explanation
QUESTION 51
Which three options ate attack vectors protected by DNS-Layer security? (Choose three.)
A. Voicemail
B. Backups
C. Web
D. E-mail
E. Cloud apps
F. Video Surveillance
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 52
Which feature of Cisco AnyConnect allows pie-login authentication using windows machines, or single sign-on
user authentication using Windows logon credentials?
A. Secure Layer-2 Network Access

B. Flexible AAA Options
C. Differentiated Mobile Access
D. Trusted Network Detection
Correct Answer: A
Section: (none)
Explanation
QUESTION 53
How does the Cisco AnyConnect AMP Module help to protect customer's networks?
A. AMP is a unified agent that combines posture check and authentication across wired wireless, and VPN
networks.
B. AMP Module can profile devices before allowing them to connect.
C. AMP provides highly secure access for select enterprise mobile applications.
D. AnyConnect can deploy AMP for Endpoints for Windows or OSX.
Correct Answer: D
Section: (none)
Explanation
QUESTION 54
Which three features provided by NGFW and NGIPS support the "Internet Edge" use case? (Choose three.)
A. Supports High Availability

B. Support for profiling devices
C. Supports dynamic routing protocols such as OSPF or BGP
D. Support for Platform exchange grid
E. Support for High Bandwith environments
F. Support for integrated posture assessment
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 55
Which option helps customers gain insight into security threats?
A. Limit volume of users to applications.

B. Share sensitive data across Afferent platforms.
C. Providing remote access VPN to allow mobile users to connect securely to customers network.
D. Providing visibility into everything to allow granular security policies to be created and enforced.
Correct Answer: D
Section: (none)
Explanation
QUESTION 56
What are three major features of Cisco Defense Orchestrator? (Choose three.)
A. Providing retrospective security to protect against malware.

B. Receive notifications about any unplanned changes to security policies and objects.
C. Plan and model security changes before deploying them across the cloud.
D. Identifying anomalous traffic in customer's network.
E. Ability to deploy changes across virtual environments in real time or offline.
F. Tracking suspicious files through the network.
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 57
What are three benefits that Cisco Umbrella brings to DNS-Layer Security? (Choose three.)
A. Helps providing breach mitigation.

B. Blocks Domains/IPs associated with malware, phising, etc.
C. Delivers cloud based recursive DNS.
D. Provides profiling of devices.
E. Logs all internet activity.
F. Provides Sandboxing of malware.
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 58
Which is a key feature of Cisco Defense Orchestra?
A. Profiles devices connected to customer's network

B. Orchestrates security policy management form one place
C. Consolidates configuration management
D. Protects customers network against zero-day attacks
Correct Answer: B
Section: (none)
Explanation
QUESTION 59
Which three NGFW and NGIPS features support the "Complex Remote Access" use case? (Choose three.)
A. Support for device onboarding

B. Users protected regardless of physical location
C. Fuzzy Fingerprinting
D. Detection of anomalous traffic
E. Controls and protections extended beyond VPN controls
F. Secure access extended to all users
Correct Answer: BEF

Section: (none)
Explanation
QUESTION 60
Which are two main features of Stateful Firewalling? (Choose two.)
A. Clientless lagging
B. File retrospection
C. Full VX LAN support
D. File reputation
Correct Answer: AC
Section: (none)
Explanation
QUESTION 61
What are two key points of the Cisco Security and Threat Landscape module? (Choose
two.)
A. The Cisco Security Solutions Portfolio drives customer business outcomes by providing
threat-centric defense, visibility and control, and flexible solutions
B. The threat landscape is expanding, becoming more complex, and threats are increasingly costing more to
customers
C. The Cisco Security Solutions Portfolio stops all threat from entering a customers network.
D. Customers need several solutions to protect their environment.
Correct Answer: AB
Section: (none)
Explanation

500-651 Practice Questions

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

500-651 Practice Questions

Caricato da

Copyright:

Formati disponibili

500-651 (61 Questions)

Exam Code: 500-651

Exam Name: Advanced Security Architecture for Systems Engineers (ASASE)

Advanced Security Architecture for Systems Engineers (ASASE)

We Offer Free Update Service

A. Secure Layer-2 Network Access

A. On-box, Web-based management

A. Threat Centric NAC

A. 1 month, 3 months, 6 months

A. AMP for Endpoint

A. Threat analysis through network behavior analysis

A. Data Loss Prevention with NGFW

Correct Answer: BCF

Correct Answer: ACD

A. Cisco Defense Orchstrator

A. Dynamic Content Analysis

Correct Answer: ACE

A. Device profiting and onboarding

A. Cisco Defense Orchestrator

A. Offer a threat-foe used security solution.

A. Centralized policy management

Correct Answer: ABF

A. It enables safe email usage with event Analytics.

A. Securing the entire infrastructure

A. Rapid App Containment

A. Cognitive Threat Analytics

Correct Answer: ABC

A. Unify Images for more intuitive interface management

A. Enhancing remediation operations.

A. Identifies specific instances of malware with a signature-based approach

A. Reduces cost with easy implementation and installation

Correct Answer: CDE

A. Secure Layer-2 Network Access

A. Supports High Availability

Correct Answer: ACE

A. Limit volume of users to applications.

A. Providing retrospective security to protect against malware.

Correct Answer: BCE

A. Helps providing breach mitigation.

Correct Answer: BCE

A. Profiles devices connected to customer's network

A. Support for device onboarding

Correct Answer: BEF

Potrebbero piacerti anche