- (Exam Topic 5)
What is the role of the casebook feature in Cisco Threat Response?

1. A. sharing threat analysts
2. B. pulling data via the browser extension
3. C. triage automaton with alerting
4. D. alert prioritization

Correct Answer: A
The casebook and pivot menu are widgets available in Cisco Threat Response. Casebook - It is used to record, organize, and share sets of observables of interest primarily during an investigation and threat analysis. You can use a casebook to get the current verdicts or dispositions on the observables.
https://www.cisco.com/c/en/us/td/docs/se curity/ces/user_guide/esa_user_guide_13-5-1/b_ESA_Admin_Guide_ces
_13-5-1/b_ESA_Admin_Guide_13-0_chapter_0110001.pdf

- (Exam Topic 1)
An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

1. A. Deploy the firewall in transparent mode with access control policies.
2. B. Deploy the firewall in routed mode with access control policies.
3. C. Deploy the firewall in routed mode with NAT configured.
4. D. Deploy the firewall in transparent mode with NAT configured.

Correct Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.

- (Exam Topic 5)
A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

1. A. Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.
2. B. Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.
3. C. There is a host limit set.
4. D. The user agent status is set to monitor.

Correct Answer: B

- (Exam Topic 3)
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

1. A. configure coredump packet-engine enable
2. B. capture-traffic
3. C. capture
4. D. capture WORD

Correct Answer: C
Reason: the command "capture-traffic" is used for SNORT Engine Captures. To capture a LINA Engine Capture, you use the "capture" command. Since the Lina Engine represents the actual physical interface of the device, "capture" is the only reasonable choice Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-de
The command is firepower# capture DMZ interface dmz trace detail match ip host 192.168.76.14 host 192.168.76.100 firepower# capture INSIDE interface inside trace detail match ip host 192.168.76.14 host 192.168.75.14

- (Exam Topic 5)
A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?

1. A. Add a Bridge Group Interface to the FTD before transparent mode is configured.
2. B. Dereglster the FTD device from FMC and configure transparent mode via the CLI.
3. C. Obtain an FTD model that supports transparent mode.
4. D. Assign an IP address to two physical interfaces.

Correct Answer: B