Friday, 31 October 2025

Cisco Security questions

 

The role with the highest privilege in the system and is designed for users who need complete control over system configurations, indexes, and data.

Admin

Designed for advanced users who need more capabilities than regular users but do not require full administrative access.

Power

Allows for both administrative work and data management.

Select Match

The default role for most end users and provides access to basic search and reporting functionalities.

User

Which three common mandatory configuration fields apply to all Cisco security products when using the Application Setup page within the Cisco Security Cloud app? (Choose three.)

Top of Form

  • Host
  • Index
  • Input Name
  • Interval
  • Logging level
  • Name

Bottom of Form

What is the benefit of using Cisco Security Cloud app dashboards?

Top of Form

  • Dashboards can help the administrators monitor its performance and cloud connections.
  • Dashboards can help the administrators monitor resource performance, health, errors, product activities, and data integrity.
  • Dashboards can help the SOC teams monitor unauthorized administrative access.
  • Dashboards can help the SOC teams monitor users’ internal and external activities.

To install the Cisco Security Cloud app from a file, which of the following is a valid source location from which to get the file?

  • from Cisco Download Center
  • from Splunk Add-ons documentation page
  • from Splunk Download Center
  • from Splunkbase documentation page

Bottom of Form

 

 

Which of the following apps can be used to integrate different Cisco Security Solutions?

Top of Form

  • Cisco Cloud Security app
  • Cisco Security Cloud app
  • Cisco Splunk app
  • Cisco Splunk Security apps

Bottom of Form

 

Which of the following is a Cisco Security Cloud app dashboard?

Top of Form

  • Cisco AppDynamics
  • App Insights
  • Cisco Security Cloud App
  • Resource Utilization

Bottom of Form

 

Which of the following is an indicator for scaling Splunk?

Top of Form

  • CPU and Memory Utilization: Consistently high CPU (above 50 percent) and memory usage (above 50 percent) during peak times.
  • CPU and Memory Utilization: Consistently high CPU (above 55 percent) and memory usage (above 85 percent) during peak times.
  • CPU and Memory Utilization: Consistently high CPU (above 65 percent) and memory usage (above 60 percent) during peak times.
  • CPU and Memory Utilization: Consistently high CPU (above 75 percent) and memory usage (above 80 percent) during peak times.

When configuring the Cisco Secure Firewall eStreamer integration using the Cisco Security Cloud app, what is required with a corresponding password?

  • Cisco Secure Firewall Management Center eStreamer certificate
  • Cisco Secure Firewall Management Center self-signed certificate for accessing the Cisco Secure Firewall Management Center GUI
  • Cisco Secure Firewall Management Center eStreamer API Client ID
  • Cisco Secure Firewall Management Center eStreamer username

 

 

What is shown at the bottom of the Cisco Security Cloud App > Secure Firewall Dashboard page?

Top of Form

  • Event Details table
  • Connection Events table
  • Intrusion Events widgets
  • Timeline charts

Bottom of Form

 

Which UDP port number is used by Syslog by default?

Top of Form

  • 514
  • 22
  • 443
  • 8080

Bottom of Form

 

Which three types of data can be streamed using eStreamer in Cisco Secure Firewall Management Center? (Choose three.)

Top of Form

  • discovery events
  • correlation and allow list events
  • intrusion events, malware events, file events, connection events
  • CPU and Memory, high availability, Platform Logs firewall configuration settings
  • VPN session logs

 

In Splunk, what information can be viewed on the Data Integrity dashboard for the Cisco Security Cloud Application?

Top of Form

  • Analysis reports of historical malware.
  • Detailed logs of user activity.
  • Metrics of system performance.
  • Status of events for each integrated solution.

Bottom of Form

 

Over which method and TCP port do eStreamer server and client communicate?

Top of Form

  • HTTPS Secure TLS channel over TCP port 8302
  • HTTPS Secure TLS channel over TCP port 443
  • HTTP over TCP port 80
  • Syslog over UDP port 514
  • Syslog over TCP port 514

Bottom of Form

 

Which dashboard of Cisco Security Cloud Application in Splunk provides performance information such as CPU utilization, memory utilization, and input connection health monitoring?

Top of Form

  • Data Integrity
  • Diagnostics
  • Resource Utilization
  • Secure Firewall Dashboard

Bottom of Form

 

 

Which of the following dashboards provides a unified view of the Cisco Security Cloud performance, error handling, and health monitoring?

Top of Form

  • Data Integrity Dashboard
  • Health Monitoring Dashboard
  • Resource Utilization Dashboard
  • XDR Dashboard

Bottom of Form

 

Which two of the following options are valid authentication methods for integrating Cisco XDR with Splunk Enterprise by using the Cisco Security Cloud app? (Choose two.)

Top of Form

  • Client ID
  • Direct Database Connection
  • Message Broker
  • OAuth
  • SOAP APIs

 

Which of the following tiles can be found within the Cisco XDR dashboard on the Cisco Security Cloud app?

Top of Form

  • Mean Time To Engage, Mean Time To Resolution
  • XDR Cases
  • Unresolved Incidents
  • TTP Time Line Charts

Bottom of Form

 

Which of the following methods helps verify that the integration between Cisco XDR and Cisco Security Cloud App is successful?

Top of Form

  • Checking the app status on the Cisco Security Cloud app.
  • Checking the Splunk Health Connection tool.
  • Using the command line for validation.
  • Using the dedicated validation dashboard on the Cisco XDR app.

Bottom of Form

 

Which of the following options can generate user-specific credentials to access APIs programmatically?

Top of Form

  • API client credentials
  • OAuth code client credentials
  • Username client credentials
  • Token client credentials

Bottom of Form

 

Which of the following configuration fields is optional when configuring the Cisco XDR on the Cisco Security Cloud app?

Top of Form

  • Authentication Method
  • Region
  • Promote XDR Incidents to Enterprise Security Notables
  • Import Time Range

Bottom of Form

 

Which of the following authentication methods is used when integrating Cisco XDR with Splunk Cloud?

Top of Form

  • client certificate authentication
  • OAuth authentication
  • passwordless authentication
  • token-based authentication

Bottom of Form

 

Which dashboard helps an administrator ensure compliance with security policies such as MFA and locked-out users?

Top of Form

  • Cisco Multicloud Defense dashboard on Cisco Security Cloud app.
  • Duo Dashboard on Cisco Security Cloud app.
  • Secure Malware Analytics dashboard on Cisco Security Cloud app.
  • Secure Network Analytics dashboard on Cisco Security Cloud app.

Bottom of Form

 

How would you integrate the Cisco Secure Network Analytics with the Cisco Security Cloud app?

Top of Form

  • Create a Cisco Security Cloud app user with the needed permissions, and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
  • Create a Cisco Secure Network Analytics SMC user with the needed permissions, determine the Cisco Secure Network Analytics Domain ID, and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
  • Create the Cisco Secure Network Analytics Certificate and HTTPS connection settings and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
  • Use the Cisco Secure Network Analytics API Key and configure Cisco Secure Network Analytics in the Cisco Security Cloud app.

Bottom of Form

 

What format does Multicloud Defense use when sending Security Events and Traffic Log information to Splunk?

Top of Form

  • structured data logs
  • semi-structured JSON data logs
  • syslogs
  • unstructured data logs

Bottom of Form

 

 

Which four attributes are mandatory, when configuring the Cisco Secure Email Threat Defense Connection configuration settings? (Choose four.)

Top of Form

  • API Key
  • Client ID
  • Email Threat Defense client certificate
  • Email Threat Defense IP address or hostname
  • Region name
  • Security Key

 

Which two of the following attributes are mandatory, when configuring the SNA Connection configuration settings? (Choose two.)

Top of Form

  • API Key
  • API Secret
  • Cisco Security Cloud app IP Address
  • Domain ID
  • SMC username

Which method is valid for verifying Cisco Duo's integration with Cisco Security Cloud app?

Top of Form

  • Checking the Duo Dashboard on the Cisco Security Cloud app.
  • Generating integration validation report from the Cisco Security Cloud app.
  • Using the Cisco Duo integration validation tool.
  • Using the Cisco Security Cloud app integration validation tool.

Bottom of Form

 

Which method does the Multicloud Defense use to communicate with Splunk?

Top of Form

  • APIs
  • DB connect
  • Universal forwarder
  • HEC

Bottom of Form

 

Bottom of Form

 

Which of the following is a Cisco Security Cloud app dashboard?

Top of Form

  • Cisco AppDynamics
  • App Insights
  • Cisco Security Cloud App
  • Resource Utilization

Bottom of Form

Bottom of Form

 

 

Posted by at No comments:

CESA, NVM Questions

 

Question 1 -  As your company's employees work both on and off-premises, you plan to collect flow context from the endpoints to gain visibility into user behaviors. Since you have already deployed Cisco Secure Client, you plan to add NVM and ingest the related events into Splunk for advanced security analytics. Which Splunk app/add-on should you use for this purpose?

Top of Form

  • The Cisco Security Cloud app
  • The Cisco SNA app
  • The Cisco Endpoint Threat Defense app and Cisco Endpoint Threat Defense add-on
  • The CESA app and CESA Add-OnBottom of Form

 

Question 2 - You are planning to transition the Cisco security legacy apps that you use in Splunk with the Cisco Secure Cloud app. Which three are benefits provided by the Cisco Security Cloud app? (Choose three.)

Top of Form

  • Consistent index creation and data parsing that ensures efficient processing of ingested data of each product.
  • One index that is used for the ingested data from the supported Cisco products.
  • A specific dashboard for each product that facilitates on-time and detailed analysis of ingested data.
  • One built-in dashboard that shows all the possible integrations in one place for events analysis.
  • Integration with Splunk SOAR for automated responses to threats.
  • Software updates and compatibility with the latest Splunk platform versions.

 

 

Question 3 - For which legacy app setup do you need to copy the certificate and specify the required certificate name in Splunk so it can authenticate with the server for data ingestion?

Top of Form

  • Duo Splunk Connector
  • Cisco Secure Network Analytics (Stealthwatch) App for Splunk Enterprise
  • Cisco Secure eStreamer Client Add-On for Splunk
  • Cisco Secure Malware Analytics

Bottom of Form

 

Question 4 - You are using Cisco Secure Network Analytics for contextual visibility and monitoring of your private network and public cloud. You plan to ingest data from the Secure Network Analytics Management Console into Splunk and want to try the legacy app first and explore built-in dashboards so you can compare it with the Cisco Security Cloud later on. Which legacy app can you use?

Top of Form

  • Cisco Cloud Security App
  • Cisco Secure Network Analytics (Stealthwatch) App
  • Cisco Stealthwatch App
  • Cisco Netflow Analytics App for Splunk

 

 

Question 5 - What is the primary function of a Splunk Technology Add-on (TA)?

Top of Form

  • To provide comprehensive dashboards and reports for end-users.
  • To manage user authentication and authorization within Splunk.
  • To execute ad-hoc searches and generate alerts based on raw data.
  • To facilitate the onboarding, parsing, and normalization of data from specific sources.

Question 6 - You are searching Splunkbase for the Cisco Secure Firewall app for Splunk to see whether this app has reached end-of-life. Which two provide information for the end-of-life notice on the app page in Splunkbase? (Choose two.)

Top of Form

  • In the description under the app name
  • In the Compatibility field
  • In the Support field
  • In the Version History tab
  • In the Summary tab
  • In the Installation tab

 

 

Question 7 - Which app requires a technology add-on for data ingestion of the supported Cisco security product?

Top of Form

  • Duo Splunk Connector
  • Splunk for Cisco ISE
  • Cisco Security Cloud  
  • Cisco Secure Malware Analytics
  • Cisco Email Threat Defense connector for Splunk

Bottom of Form

Question 8 - you have enabled ingestion of your Cisco ISE events into Splunk and installed the Splunk for Cisco ISE app for analyses. Which type of users can you inspect using this app?

Top of Form

  • Wired and wireless users
  • Wired and VPN users
  • Wireless and VPN users
  • Wired, wireless, and VPN users

 

Question 9 - Which three top level menu items are available in the Cisco ISE app in Splunk? (Choose three.)

Top of Form

  • Authentications
  • BYOD
  • ISE Profiler
  • TACACS+
  • TrustSec
  • Device Summary


Question 10 - You are setting up Cisco ISE to send Syslog events to Splunk. You have configured the Splunk server as a remote logging target, what else do you need to do?

Top of Form

  • Configure the shared secret password.
  • Install the Cisco ISE system certificate to be used for the Syslog service.
  • Choose the logging categories for the Splunk logging target.
  • Create the logging policy rules under the Admin Policy Set.

Bottom of Form

Question 11 - you are working as a SOC analyst, and you are integrating Cisco NVM on the endpoints with Splunk. You have set up the NVM Collector, and you need to configure Splunk to ingest the three feeds streamed from the collector. Which action should you take?

  • Configure three UDP data inputs, each with the port for the respective feed. 
  • Configure one UDP data input that includes all three ports for the feeds.
  •  Configure three TCP data inputs, each with the port for the respective feed. 
  • Configure one Syslog data input that includes all three ports for the feeds. 
  • Configure three Syslog data inputs, each with the port for the respective feed.

 

 

 

Question 12 - The employees in your organization connect to your corporate network through VPN from various locations, and you want to obtain insights into the traffic that is sent through the tunnel using the CESA app in Splunk. Which two options in the Zero Trust – VPN Split Tunneling/Network Monitor dashboard can you use to filter the display of information that is related to the traffic in the VPN tunnels? (Choose two.)

Top of Form

  • Wired
  • Untrusted
  • Virtual
  • VPN
  • Trusted

 

Question 13 - During the verification of the NVM integration with Splunk, you need to confirm that the NVM collector status is active (running). This will help you ensure that the NVM collector is continuously receiving IPFIX data from the NVM endpoints. Which command should you use on the NVM Collector?

Top of Form

  • sudo systemctl status acnvm.collector
  • sudo systemctl status nvm.collector
  • sudo systemctl status acnvm.service
  • sudo systemctl status nvm.service

Bottom of Form

Question 14 - You need to modify the Splunk IP address in the NVM Collector configuration file. Which two options specify the name of the configuration file and the path where it is located? (Choose two.)

Top of Form

  • /opt/cisco/nvm
  • /opt/acnvm/conf/
  • /opt/nvm/conf/
  • nvm.conf
  • nvm.xml
  • acnvm.conf

 

Question 16 - Which CESA App homepage category provides access to dashboards that visualize application behavior, such as top applications by volume and flow, top source and destination ports, as well as utilization data and integrated view of application processes?

Top of Form

  • Devices
  • Applications
  • Users
  • Locations

Bottom of Form

 

Bottom of Form

 

Question 17 - You have installed Cisco Enterprise Networking for Splunk Platform on Splunk to use the app's built-in dashboards to analyze events ingested from your enterprise environment. Which three Cisco products do the app dashboards support? (Choose three.)

Cisco ISE

Cisco Duo

Cisco Secure Endpoint

 Cisco Catalyst SD-WAN

Cisco Secure Firewall

Cisco Catalyst Center Bottom of Form

 

 

Question 18 - You have Cisco ISE and Splunk in your environment, and you want to try the Cisco ISE Data Connect to query Cisco ISE from Splunk for analysis and report creation. Which two components do you need for the integration? (Choose two.)

 Splunk DB Connect Splunk for Cisco ISE

Splunk Add-on for Cisco Identity Services

Splunk DBX Add-on for MySQL JDBC

Splunk DBX Add-on for Oracle JDBC

 

 

 

Question 19 - You have integrated Cisco NVM on the endpoints with Splunk to obtain deep endpoint visibility using the CESA app. Which two types of analyses can you perform with the built-in dashboards in the CESA app? (Choose two.)

Top of Form

  • CPU usage on endpoints
  • Data and traffic across VPN and split tunnels
  • Suspicious emails containing phishing links
  • Endpoints using unapproved or block listed applications
  • System performance metrics for virtual servers

 

Which file contains the three following ports used between the Cisco NVM Collector and Splunk? "syslog_flowdata_server_port" : 20519 "syslog_sysdata_server_port" : 20520 "syslog_intdata_server_port" : 20521

Top of Form

  • acnvm.conf file on the Cisco NVM Collector
  • NVM_ServiceProfile.xml file on the Cisco NVM Collector
  • acnvm.conf file on the Client running Cisco NVM
  • NVM_ServiceProfile.xml file on the Client running Cisco NVM

Bottom of Form

 

 

 

 

Posted by at No comments:
Subscribe to: Comments (Atom)