Question 1 - As your company's
employees work both on and off-premises, you plan to collect flow context from
the endpoints to gain visibility into user behaviors. Since you have already
deployed Cisco Secure Client, you plan to add NVM and ingest the related events
into Splunk for advanced security analytics. Which Splunk app/add-on should you
use for this purpose?
- The Cisco Security Cloud app
- The Cisco SNA app
- The Cisco Endpoint Threat Defense app and
Cisco Endpoint Threat Defense add-on
- The CESA app and CESA
Add-On
Question 2 - You are planning to
transition the Cisco security legacy apps that you use in Splunk with the Cisco
Secure Cloud app. Which three are benefits provided by the Cisco Security Cloud
app? (Choose three.)
- Consistent index
creation and data parsing that ensures efficient processing of ingested
data of each product.
- One index that is used for the ingested
data from the supported Cisco products.
- A specific dashboard
for each product that facilitates on-time and detailed analysis of
ingested data.
- One built-in dashboard that shows all the
possible integrations in one place for events analysis.
- Integration with Splunk SOAR for automated
responses to threats.
- Software updates and
compatibility with the latest Splunk platform versions.
Question 3 - For which legacy app
setup do you need to copy the certificate and specify the required certificate
name in Splunk so it can authenticate with the server for data ingestion?
- Duo Splunk Connector
- Cisco Secure Network Analytics
(Stealthwatch) App for Splunk Enterprise
- Cisco Secure eStreamer
Client Add-On for Splunk
- Cisco Secure Malware Analytics
Question 4 - You are using Cisco
Secure Network Analytics for contextual visibility and monitoring of your
private network and public cloud. You plan to ingest data from the Secure
Network Analytics Management Console into Splunk and want to try the legacy app
first and explore built-in dashboards so you can compare it with the Cisco
Security Cloud later on. Which legacy app can you use?
- Cisco Cloud Security App
- Cisco Secure Network
Analytics (Stealthwatch) App
- Cisco Stealthwatch App
- Cisco Netflow Analytics App for Splunk
Question 5 - What is the primary
function of a Splunk Technology Add-on (TA)?
- To provide comprehensive dashboards and
reports for end-users.
- To manage user authentication and
authorization within Splunk.
- To execute ad-hoc searches and generate
alerts based on raw data.
- To facilitate the
onboarding, parsing, and normalization of data from specific sources.
Question 6 - You are searching Splunkbase for the Cisco Secure Firewall app for Splunk to see whether this app has reached end-of-life. Which two provide information for the end-of-life notice on the app page in Splunkbase? (Choose two.)
- In the description under the app name
- In the Compatibility field
- In the Support field
- In the Version
History tab
- In the Summary tab
- In the Installation tab
Question 7 - Which app requires a
technology add-on for data ingestion of the supported Cisco security product?
- Duo Splunk Connector
- Splunk for Cisco ISE
- Cisco Security Cloud
- Cisco Secure Malware Analytics
- Cisco Email Threat Defense connector for
Splunk
Question 8 - you have enabled
ingestion of your Cisco ISE events into Splunk and installed the Splunk for
Cisco ISE app for analyses. Which type of users can you inspect using this app?
- Wired and wireless users
- Wired and VPN users
- Wireless and VPN users
- Wired, wireless, and
VPN users
Question 9 - Which three top level
menu items are available in the Cisco ISE app in Splunk? (Choose three.)
- Authentications
- BYOD
- ISE Profiler
- TACACS+
- TrustSec
- Device Summary
Question 10 - You are setting up Cisco ISE to send Syslog events to Splunk. You have
configured the Splunk server as a remote logging target, what else do you need
to do?
- Configure the shared secret password.
- Install the Cisco ISE system certificate
to be used for the Syslog service.
- Choose the logging
categories for the Splunk logging target.
- Create the logging policy rules under the
Admin Policy Set.
Question 11 - you are working
as a SOC analyst, and you are integrating Cisco NVM on the endpoints with
Splunk. You have set up the NVM Collector, and you need to configure Splunk to
ingest the three feeds streamed from the collector. Which action should you
take?
- Configure three UDP data inputs, each with the port for the respective feed.
- Configure one UDP data input that includes all three ports for the feeds.
- Configure three TCP data inputs, each with the port for the respective feed.
- Configure one Syslog data input that includes all three ports for the feeds.
- Configure three Syslog data inputs, each with the port for the respective feed.
Question 12 - The employees in your organization connect to your corporate network
through VPN from various locations, and you want to obtain insights into the
traffic that is sent through the tunnel using the CESA app in Splunk. Which two
options in the Zero Trust – VPN Split Tunneling/Network Monitor dashboard can
you use to filter the display of information that is related to the traffic in
the VPN tunnels? (Choose two.)
- Wired
- Untrusted
- Virtual
- VPN
- Trusted
Question 13 - During the verification of the NVM integration with Splunk, you need to
confirm that the NVM collector status is active (running). This will help you
ensure that the NVM collector is continuously receiving IPFIX data from the NVM
endpoints. Which command should you use on the NVM Collector?
- sudo systemctl status acnvm.collector
- sudo systemctl status nvm.collector
- sudo systemctl status
acnvm.service
- sudo systemctl status nvm.service
Question 14 - You need to modify the Splunk IP address in the NVM Collector
configuration file. Which two options specify the name of the configuration
file and the path where it is located? (Choose two.)
- /opt/cisco/nvm
- /opt/acnvm/conf/
- /opt/nvm/conf/
- nvm.conf
- nvm.xml
- acnvm.conf
Question 16 - Which CESA App homepage category provides access to dashboards that
visualize application behavior, such as top applications by volume and flow,
top source and destination ports, as well as utilization data and integrated
view of application processes?
- Devices
- Applications
- Users
- Locations
Question 17 - You have installed Cisco Enterprise
Networking for Splunk Platform on Splunk to use the app's built-in dashboards
to analyze events ingested from your enterprise environment. Which three Cisco
products do the app dashboards support? (Choose three.)
Cisco ISE
Cisco Duo
Cisco Secure Endpoint
Cisco Catalyst SD-WAN
Cisco Secure Firewall
Cisco Catalyst Center
Question 18 - You
have Cisco ISE and Splunk in your environment, and you want to try the Cisco
ISE Data Connect to query Cisco ISE from Splunk for analysis and report
creation. Which two components do you need for the integration? (Choose two.)
Splunk
DB Connect Splunk for Cisco ISE
Splunk
Add-on for Cisco Identity Services
Splunk
DBX Add-on for MySQL JDBC
Splunk DBX Add-on for
Oracle JDBC
Question 19 - You have integrated Cisco NVM on the endpoints with Splunk to obtain
deep endpoint visibility using the CESA app. Which two types of analyses can
you perform with the built-in dashboards in the CESA app? (Choose two.)
- CPU usage on
endpoints
- Data and traffic across
VPN and split tunnels
- Suspicious
emails containing phishing links
- Endpoints using
unapproved or block listed applications
- System
performance metrics for virtual servers
Which file contains the three following ports used between the Cisco NVM
Collector and Splunk? "syslog_flowdata_server_port" : 20519
"syslog_sysdata_server_port" : 20520
"syslog_intdata_server_port" : 20521
- acnvm.conf file on the
Cisco NVM Collector
- NVM_ServiceProfile.xml
file on the Cisco NVM Collector
- acnvm.conf
file on the Client running Cisco NVM
- NVM_ServiceProfile.xml
file on the Client running Cisco NVM
