Which of the following is a Cisco AMP for Endpoints feature that can prevent specific programs from running on
managed endpoints? (Select the best answer.)
A.
file reputation
B.
device trajectory
C.
file trajectory
D.
outbreak control
Explanation:
The outbreak control feature of Cisco Advanced Malware Protection (AMP) for Endpoints can prevent specific
programs from running on managed endpoints. AMP for Endpoints is a hostbased malware detection and
prevention platform that runs on Microsoft Windows, Mac OS X, Linux, and Google Android. Like many other
antimalware packages, AMP for Endpoints monitors network traffic and application behavior to protect a host
from malicious traffic. However, unlike many of its competitors, AMP for Endpoints continues its analysis after a
disposition has been assigned to a file or traffic flow. When malware is detected, the outbreak control feature of
AMP for Endpoints can use application blocking to ensure that a compromised application does not spread the
infection. Outbreak control provides for granular control over which applications are blocked and can use
whitelists to ensure that missioncritical software continues to run even during an outbreak.
File reputation, file trajectory, and device trajectory are not AMP for Endpoints features that prevent specific
programs from running on managed endpoints. File reputation uses information collected from a global network
of security devices to analyze and detect malicious traffic. File trajectory tracks the spread of suspicious files
throughout the network, which can reduce the analysis time if a suspicious file is determined to be malicious.
Likewise, device trajectory tracks file and network activity on endpoints to reduce the overall analysis time when
malicious software is detected.Cisco: Cisco Advanced Malware Protection for Endpoints Data Sheet
QUESTION
Which three statements are characteristics of DHCP Spoofing? (Choose three.)
A. Arp Poisoning
B. Modify Traffic in transit
C. Used to perform man-in-the-middle attack
D. Physically modify the network gateway
E. Protect the identity of the attacker by masking the DHCP address
F. Can access most network devices
Answer: BCD
Explanation:
In DHCP spoofing attacks, the attacker takes over the DHCP server role and can serve IP addresses and his IP address as default gateway. By doing that he performs a man-in-the-middle attack, and because all the traffic passes through his computer he can modify traffic in transit and he physically changed the default gateway.
QUESTION
In which two situations should you use in-band management? (Choose two)
A. when a network device fails to forward packets
B. when management applications need concurrent access to the device
C. when you require ROMMON access
D. when you require administrator’s access from multiple locations
E. when the control plane fails to respond
Answer: BD
QUESTION
Which three statements describe DHCP spoofing attacks? (Choose three.)
A. They can modify traffic in transit.
B. They are used to perform man-in-the-middle attacks.
C. They use ARP poisoning.
D. They can access most network devices.
E. They protect the identity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
Answer: ABF
QUESTION
What security feature allows a private IP address to access the Internet by translating it to a public address?
A. NAT
B. hairpinning
C. Trusted Network Detection
D. Certification Authority
Answer: A
QUESTION
Which Sourcefire event action should you choose if you want to block only malicious traffic
from a particular end user?
A. Allow with inspection
B. Allow without inspection
C. Block
D. Trust
E. Monitor
Answer: A
QUESTION
Which NAT type allows only objects or groups to reference an IP address?
A. dynamic NAT
B. dynamic PAT
C. static NAT
D. identity NAT
Answer: B
QUESTION
Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
Answer: B
I get new 210-260 Dumps from: http://www.examcollections.info/?s=210-260