When is the content inspection performed in the packet flow process?

• A.after the application has been identified
• B.after the SSL Proxy re-encrypts the packet
• C.before the packet forwarding process
• D.before session lookup

Comment: *

Name: *

Email: *

Verification: *

An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.
Which security policy action causes this?

• A.Reset both
• B.Deny
• C.Drop
• D.Reset server

Comment: *

Name: *

Email: *

Verification: *

An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

• A.east-west traffic
• B.north-south traffic
• C.branch office traffic
• D.perimeter traffic

Comment: *

Name: *

Email: *

Verification: *

Match the Cyber-Attack Lifecycle stage to its correct description.

Correct Answer:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property

Comment: *

Name: *

Email: *

Verification: *

An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code
"communication with the destination is administratively prohibited".
Which security policy action causes this?

• A.Drop
• B.Drop, send ICMP Unreachable
• C.Reset both
• D.Reset server

Comment: *

Name: *

Email: *

Verification: *