Q1
The Cisco SecureX platform does not integrate with which part of an organization's network?
a. endpoints
b. network traffic
c. optical transceivers
d. data centers
e. cloud-based applications
Q2
Regarding the following figure, which two statements are true? (Choose two.)
a. Tools such as OSSEC, Bro, and syslog-ng produce flat files with one log entry per line and are
largely dedicated to collecting and producing raw NSM data.
b. Tools such as PCAP, Sguil, and ELSA DB produce flat files with one log entry per line that are
largely dedicated to collecting and producing raw NSM data.
c. Components such as Sguil DB and ELSA are associated with optimizing and maintaining.
d. The tools in the top row are associated with optimizing and maintaining the data.
e. Alert data must also include the metadata that is associated with the IPS alert.
Q3
Which of the following is a concern regarding full packet capture data?
a. NIC performance features such as TCP segmentation offload can distort the collected full
packet capture.
b. Storage resources may limit the duration of full packet capture retention.
c. The location of sensing interfaces affects the visibility that the data provides.
d. The three options above are all concerns.
e. Only the second and third options above are concerns.
Q4
In NSM data types, which two statements describe full packet capture and extracted content?
(Choose two.)
a. Extracted content records all the network traffic at some particular locations in the network.
b. Full packet capture records all the network traffic at some particular locations in the network.
c. A SOC analyst examining extracted content is analogous to a detective reviewing a wiretap.
d. Most often, extracted content takes the form of files such as images retrieved by a web
browser or attachments to email messages.
e. Most often, full packet capture takes the form of files such as images retrieved by a web
browser or attachments to email messages.
Q5
Which three options are tools that can perform packet captures? (Choose three.)
a. Wireshark
b. ELSA
c. Sguil
d. Squert
e. Tshark
f. Tcpdump
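Questions 3 through 5 turn on the difference between full packet capture (every frame seen at a sensing interface, as written by tcpdump, Tshark or Wireshark) and extracted content (the files carried inside those frames), plus the capture-quality caveat that TCP segmentation offload can hand the capture tap segments larger than the wire MTU. The following added example is not part of the original question bank or of any Cisco product: it constructs a tiny pcap file in memory (a constructed sample, not real traffic), pulls an HTTP response body out of it as "extracted content", and flags frames whose length exceeds the MTU, which is the usual symptom of offload distorting a capture. The HTTP parsing is deliberately single-packet (no TCP stream reassembly) to keep the illustration short; the function and constant names are this example's own.

```python
import struct

ETH_HDR_LEN = 14          # Ethernet II header
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6
PCAP_MAGIC = 0xA1B2C3D4   # libpcap classic format, microsecond timestamps


def build_tcp_frame(src, dst, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame around a payload (checksums left at zero;
    enough for parsing, not for transmission)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + ETHERTYPE_IPV4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64,
                     IPPROTO_TCP, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Serialise (timestamp, frame) pairs as a libpcap file with LINKTYPE_ETHERNET."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame))
        out += frame
    return bytes(out)


def read_pcap(data):
    """Yield (timestamp, frame) pairs from libpcap bytes; this is the full packet capture."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off < len(data):
        ts, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts, data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return the TCP payload of an IPv4 frame, or None if it is not IPv4/TCP."""
    if frame[12:14] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4
    if frame[ETH_HDR_LEN + 9] != IPPROTO_TCP:
        return None
    tcp_off = ETH_HDR_LEN + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return frame[tcp_off + data_off:]


def extract_http_bodies(pcap_bytes):
    """Extracted content: (content_type, body) for each single-packet HTTP response."""
    files = []
    for _, frame in read_pcap(pcap_bytes):
        payload = tcp_payload(frame)
        if not payload or not payload.startswith(b"HTTP/1."):
            continue
        head, sep, body = payload.partition(b"\r\n\r\n")
        if not sep:
            continue
        ctype, clen = b"application/octet-stream", None
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-type":
                ctype = value.strip()
            elif name.strip().lower() == b"content-length":
                clen = int(value.strip())
        files.append((ctype.decode(), body[:clen] if clen is not None else body))
    return files


def oversized_frames(pcap_bytes, mtu=1500):
    """Indices of frames longer than MTU + Ethernet header: on a host sensor this
    usually means TSO/GRO handed the tap a super-segment the NIC later split."""
    return [i for i, (_, frame) in enumerate(read_pcap(pcap_bytes))
            if len(frame) > mtu + ETH_HDR_LEN]


def sample_pcap():
    """Constructed sample: one normal response carrying a small PNG, and one
    offload-style super-segment that should never appear on the wire."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
    ok = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
          b"Content-Length: %d\r\n\r\n" % len(png)) + png
    big = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
           b"Content-Length: 4000\r\n\r\n") + b"A" * 4000
    srv, cli = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    return build_pcap([
        (1700000000, build_tcp_frame(srv, cli, 80, 40001, ok)),
        (1700000001, build_tcp_frame(srv, cli, 80, 40002, big)),
    ])


if __name__ == "__main__":
    pcap = sample_pcap()
    for ctype, body in extract_http_bodies(pcap):
        print(ctype, len(body), body[:8])
    print("frames above MTU (offload suspects):", oversized_frames(pcap))
```

On a real sensor the same check is why analysts disable offload (for example `ethtool -K eth0 tso off gro off` on Linux) before running tcpdump, and why retention is bounded by disk rather than by the tool: a ring buffer such as `tcpdump -C 1000 -W 50` caps the capture at fifty 1000 MB files regardless of how long the sensor runs.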
Q6
Who is required to protect the company's information assets?
a. chief executive officer
b. chief information officer
c. chief financial officer
d. chief technical officer
e. everyone in the company
Q7
According to the following figure, which three statements are true? (Choose three.)