Cisco 300-740 SCAZT Exam Questions Instant Access

Question 1

Refer to the exhibit.

Refer to the exhibit. An engineer must connect an on-premises network to the public cloud using Cisco Umbrella as a Cloud Access Security Broker. The indicated configuration was applied to router R1; however, connectivity to Umbrella fails with this error: %OPENDNS-3-DNS_RES_FAILURE. Which action must be taken on R1 to enable the connection?

AConfigure the Open DNS servers with the ip name-server command.

BConfigure a DHCP scope using the ip dhcp pool command.

CAdd the opendns in command to the interface configuration.

DAdd the opendns out command to the interface configuration.

Answer : B

Question 2

Refer to the exhibit.

Refer to the exhibit. An engineer must configure VPN load balancing across two Cisco AS

AThe indicated configuration was applied to each firewall; however, the load-balancing encryption scheme fails to work. Which two commands must be run on each firewall to meet the requirements? (Choose two.)

Acluster port 9024

Bcrypto ikev1 policy 1

Chash sha-256

Dencryption aes 256

Ecluster encryption

Answer : B, E

Question 3

An engineer configures trusted endpoints with Active Directory with Device Health to determine if an endpoint complies with the policy posture. After a week, an alert is received by one user, reporting problems accessing an application. When the engineer verifies the authentication report, this error is found:

"Endpoint is not trusted because Cisco Secure Endpoint check failed, Check user's endpoint in Cisco Secure Endpoint."

Which action must the engineer take to permit access to the application again?

AVerify the Cisco Secure Endpoint admin panel and approve the access to the user on the Management tab after a complete virus check of the user's laptop.

BVerify the Trusted Endpoints policy to verify the status of the machine, and after a complete process of analysis, permit the machine to have access to the application.

CVerify the Duo admin panel, check the EndPoints tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.

DVerify the Cisco Secure Endpoint admin panel, check the Inbox tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.

Answer : D

Question 4

Refer to the exhibit.

Refer to the exhibit. An engineer must provide RDP access to the AWS virtual machines and HTTPS access to the Google Cloud Platform virtual machines. All other connectivity must be blocked. The indicated rules were applied to the firewall; however, none of the virtual machines in AWS and Google Cloud Platform are accessible. What should be done to meet the requirement?

AMove rule 2 to the first position.

BConfigure a NAT overload rule

CConfigure a virtual private cloud firewall rule

DMove rule 1 to the last position

Answer : A

Question 5

According to the MITRE ATT&CK framework, which approach should be used to mitigate exploitation risks?

APerforming regular data backups and testing recovery procedures

BKeeping systems updated with the latest patches

CConsistently maintaining up-to-date antivirus software

DEnsuring that network traffic is closely monitored and controlled

Answer : B

Question 6

Refer to the exhibit.

Refer to the exhibit. An engineer must enable access to Salesforce using Cisco Umbrella and Cisco Cloudlock. These actions were performed:

From Salesforce, add the Cloudlock IP address to the allow list

From Cloudlock, authorize Salesforce

However, Salesforce access via Cloudlock is still unauthorized. What should be done to meet the requirements?

AFrom the Salesforce admin page, grant API access to Cloudlock.

BFrom the Salesforce admin page, grant network access to Cloudlock

CFrom the Cloudlock dashboard, grant API access to Salesforce.

DFrom the Cloudlock dashboard, grant network access to Salesforce.

Answer : A

Question 7

Refer to the exhibit.

Refer to the exhibit. An engineer must create a policy in Cisco Secure Firewall Management Center to prevent restricted users from being able to browse any business or mobile phone shopping websites. The indicated policy was applied; however, the restricted users still can browse on the mobile phone shopping websites during business hours. What should be done to meet the requirement?

ASet Dest Zones to Business Mobile Phones Shopping.

BSet Dest Networks to Business Mobile Phones Shopping.

CSet Time Range for rule 4 of Access Controlled Groups to All.

DMove rule 4 Access Controlled Groups to the top.

Answer : D

Cisco Designing and Implementing Secure Cloud Access for Users and Endpoints 300-740 SCAZT Exam Questions