cisco 500-651 practice test

Question 1

Which feature of Cisco ISE uses Cisco TrustSec Security Group Tags 10 edit networks dynamically rather than with VLANs?

• A. Device profiting and onboarding
• B. Role and device segmentation
• C. Guest Access
• D. Secure remote access

Answer:

B

Explanation:
ASAS Policy and Access SE Module 5

Question 2

How does the Cisco AnyConnect AMP Module help to protect customer's networks?

• A. AMP is a unified agent that combines posture check and authentication across wired wireless, and VPN networks.
• B. AMP Module can profile devices before allowing them to connect
• C. AMP provides highly secure access for select enterprise mobile applications
• D. AnyConnect can deploy AMP for Endpoints for Windows or OSX

Answer:

D

Explanation:
ASAS Policy and Access SE Module 5

Question 3

Which feature of ISE combines user identification with robust context sharing platform to prevent inappropriate access?

• A. Centralized policy management
• B. Context-aware access
• C. Patch management
• D. Platform exchange grid

Answer:

B

Explanation:
ASAS Policy and Access SE Module 5

Question 4

Which three Cisco solutions are covered in the Advanced Threat module? (Choose three.)

• A. Cognitive Threat Analytics
• B. Intrusion Analytics
• C. AMP
• D. Cisco Defense Orchestrator
• E. NGIPS
• F. Cisco ThreatGrid

Answer:

A C F

Explanation:
ASAS Security Advanced Threats SE Module 6

Question 5

Which three are deployment options for E-mail Security? (Choose three.)

• A. ESA
• B. CES
• C. WSAv
• D. AMP
• E. ESAv
• F. WebRoot

Answer:

A B E

Question 6

How is Cisco Security able to dynamically add IP addresses of known malware domains to its list of ports to detect and
block?

• A. Reputation Filtering
• B. Layer-4 Monitoring
• C. Data Loss Prevention
• D. URL Filtering

Answer:

B

Explanation:
ASAS Security Web and Email SE Module 2

Question 7

Which Stealthwatch component is a physical or virtual appliance that aggregates and normalizes NetFlow data?

• A. Investigate
• B. Stealthwatch Management Center
• C. Flow Collector
• D. UDP Director

Answer:

C

Question 8

Which feature of AMP tracks the movement of a file within the environment and monitors its disposition over time?

• A. Trajectory
• B. Fuzzy Fingerprinting
• C. Machine Learning
• D. ThreatGrid

Answer:

A

Explanation:
ASAS Security Advanced Threats SE Module 6

Question 9

Which feature of ISE is Terminal Access Control System (TACACS) a part of?

• A. Device Administration
• B. Device Profiling
• C. Centralized policy management
• D. Guest access management

Answer:

A

Explanation:
ASAS Policy and Access SE Module 5

Question 10

Which of AMPs File capabilities deals with the problem of files passing through perimeter defenses that are later discovered
to be a threat?

• A. Dynamic Analytics
• B. Trajectory
• C. Malware Security
• D. File Retrospection

Answer:

D

Explanation:
Tracks the spread of any file within your network and continuously monitors file reputation over time. If a file reputation
changes to malicious or is found by file sandboxing to be malicious, AMP provides retrospective alerting in the after phase.
AMP identifies every instance of the file within your network to address the problem of malicious files passing through
perimeter defenses that are later deemed a threat.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guid
e/b_ScanCenter_Administrator_Guide/b_ScanCenter_Administrator_Guide_chapter_0111
01.pdf