Refer to the exhibit.
"default_policies": [
{
"action": "BLOCK",
"priority": 100,
"consumer_filter_ref": "__rootScope",
"provider_filter_ref": "__workspaceScope",
"l4_params": {
"proto": 6 } } ]
An engineer configured a default segmentation policy in Cisco Secure Workload to block SMTP traffic. During testing, it is observed that the SMTP traffic is still allowed.
Which action must the engineer take to complete the configuration?
A. Add "port": [25, 25] to _rootScopeA security analyst detects an employee endpoint making connections to a malicious IP on the internet and downloaded a file named Test0511127691C.pdf. The analyst discovers the machine is infected by trojan malware. What must the analyst do to mitigate the threat using Cisco Secure Endpoint?
A. Identify the malicious IPs and place them in a blocked listRefer to the exhibit.

An engineer must connect an on-premises network to the public cloud using Cisco Umbrella as a Cloud Access Security Broker. The indicated configuration was applied to router R1; however, connectivity to Umbrella fails with this error: % OPENDNS-3- DNS_RES_FAILURE. Which action must be taken on R1 to enable the connection?
A. Configure the Open DNS servers with the ip name-server command.Refer to the exhibit.


An engineer must create a firewall policy to allow web server communication only. The indicated firewall policy was applied; however, a recent audit requires that all firewall policies be optimized. Which set of rules must be deleted?
A. Rules 3 and 4Refer to the exhibit.

An engineer must provide HTTPS access from the Google Cloud Platform virtual machine to the on-premises mail server. All other connections from the virtual machine to the mail server must be blocked. The indicated rules were applied to the firewall; however, the virtual machine cannot access the mail server.
Which two actions should be performed on the firewall to meet the requirement? (Choose two.)
A. Set IP address 192.168.200.10 as the destination in rule 1.Refer to the exhibit.

<0uput omitted> ! ASA_1(config)#vpn load-balancing ASA_1(config-load-balancing)#priority 10 ASA_1(config-load-balancing)#cluster key SecretKey01! ASA_1(config-load-balancing)#cluster ip address 30.1.1.1 ! <0uput omitted> !
An engineer must configure VPN load balancing across two Cisco ASA. The indicated configuration was applied to each firewall; however, the load-balancing encryption scheme fails to work. Which two commands must be run on each firewall to meet the requirements? (Choose two.)
A. cluster port 9024An engineer configures trusted endpoints with Active Directory with Device Health to determine if an endpoint complies with the policy posture. After a week, an alert is received by one user, reporting problems accessing an application. When
the engineer verifies the authentication report, this error is found:
"Endpoint is not trusted because Cisco Secure Endpoint check failed, Check user's endpoint in Cisco Secure Endpoint."
Which action must the engineer take to permit access to the application again?
A. Verify the Cisco Secure Endpoint admin panel and approve the access to the user on the Management tab after a complete virus check of the user's laptop.Which mitigation technique does a web application firewall use to protect a web server against DDoS attacks?
A. Source-specific ACLDRAG DROP
An engineer must configure certificate-based authentication in a cloud-delivered Cisco Secure Firewall Management Center. Drag and drop the steps from left to right to manually enroll certificates on a Cisco Secure Firewall Threat Defense Virtual device.
Select and Place:

What helps prevent drive-by compromise?
A. Ad blockersNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-740 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.