Best Cisco 300-745 2026 Training With 73 QA's
Cisco 300-745 Certification Exam Questions
NEW QUESTION # 22
Refer to the exhibit. A software developer noticed that the application source code had been found on the internet. To keep such an incident from happening again, the developer applied a DLP policy to prevent source code from being uploaded into generative AI tools like ChatGPT. When testing the policy, the developer noticed that it is still possible for the source code to be uploaded.
Which action must the developer take to prevent this issue?
- A. Modify the data classifications.
- B. Enable the rule.
- C. Move the ChatGPT Source Code rule to the bottom.
- D. Change the DLP action from Monitor to Block.
Answer: D
Explanation:
In the exhibit, the ChatGPT Source Code rule is configured with the action Monitor, which only logs activity but does not stop it. To prevent source code from being uploaded, the action must be changed to Block. This enforces the policy and ensures data exfiltration into generative AI tools is stopped.
NEW QUESTION # 23
A legal services company wants to prevent remote employees from accessing personal email and social media accounts while using corporate laptops. Which security solution enforces the policy?
- A. Cisco TrustSec
- B. Cisco Umbrella
- C. network monitoring tool
- D. RADIUS server
Answer: B
Explanation:
In the modern landscape of remote work, a legal services company must enforce acceptable use policies (AUP) regardless of where a corporate laptop is located. Cisco Umbrella is the ideal architectural solution for this requirement. Umbrella acts as a Secure Internet Gateway (SIG) that operates primarily at the DNS and web layer. When a remote employee attempts to access a personal email site or a social media platform, Umbrella intercepts the DNS request and checks it against the organization's defined security policy.
Cisco Umbrella provides granular Content Filtering capabilities, allowing administrators to block entire categories of websites, such as "Social Networking" or "Webmail," with a single click. This enforcement happens at the edge, before a connection is even established to the malicious or unauthorized site, making it highly efficient for remote users who may not be connected to the corporate VPN. While Cisco TrustSec (Option A) and RADIUS (Option B) are powerful for internal network segmentation and authentication, they do not inherently provide the URL/domain-based categorization required to block specific web content for remote clients. A network monitoring tool (Option D) provides visibility but lacks the active enforcement mechanism to block traffic. Therefore, Cisco Umbrella is the specified technology in the SDSI objectives for cloud-delivered web security and policy enforcement for a distributed workforce.
NEW QUESTION # 24
After a recent security breach, a financial company is reassessing their overall security posture and strategy to better protect sensitive data and resources. The company already deployed on-premises next-generation firewalls at the network edge for each branch location. Security measures must be enhanced at the endpoint level. The goal is to implement a solution that provides additional traffic filtering directly on endpoint devices, thereby offering another layer of defense against potential threats. Which technology must be implemented to meet the requirement?
- A. distributed firewall
- B. traditional firewall
- C. host-based firewall
- D. web application firewall
Answer: C
Explanation:
A host-based firewall runs directly on endpoint devices, providing traffic filtering and protection at the endpoint level. This adds another layer of defense beyond the network edge firewalls, ensuring threats are mitigated closer to where sensitive data resides.
NEW QUESTION # 25
A global energy company moved a monolithic application from the data center to public cloud. Over time, the company added many capabilities to the application, and it is now difficult for the application team to scale it. The application owner decided to modernize the application by moving to a Kubernetes cluster. However, he wants to ensure that the new application architecture provides a container network interface that is scalable, offers options for cloud-native security, and helps with visibility and observability. Which solution must be used to accomplish the task?
- A. ENI
- B. Cilium
- C. ingress gateway
- D. security group
Answer: B
Explanation:
Cilium is a Kubernetes Container Network Interface (CNI) that provides scalability, cloud-native security with eBPF-based enforcement, and strong visibility/observability into network traffic between microservices. It is purpose-built to modernize applications running in Kubernetes clusters.
NEW QUESTION # 26
Refer to the exhibit.
In addition to SSL decryption, which firewall feature allows malware to be blocked?
- A. SSL Offloading
- B. DLP
- C. File Inspection
- D. URL Filtering
Answer: C
Explanation:
Based on the provided exhibits, the correct firewall feature for blocking malware in this context is File Inspection.
In image_4c047c.png, we see a Cisco Secure Firewall Access Control Policy rule named "Default Inspect". This rule is configured to allow traffic from the "inside" zone to the "outside" zone while applying deep packet inspection. Crucially, the configuration includes a File Policy field, which is the mechanism used to perform malware analysis and file disposition lookups. By associating a File Policy with an Access Control rule, the firewall can inspect files as they transit the network, calculate their SHA-256 hash, and query the Cisco Collective Security Intelligence cloud to determine if the file is malicious, clean, or unknown.
The evidence of this feature in action is found in image_4b1ebe.png, which shows the Cisco Secure Endpoint (formerly AMP for Endpoints) Device Trajectory. The "Activity Details" pane specifically identifies a malicious file (iodnxvg.exe) categorized as W32.DFC.MalParent. While the log notes the file was not quarantined because it was in "audit only mode," the underlying technology performing the detection is File Inspection. This feature provides the necessary visibility into the contents of encrypted or unencrypted data streams to identify and, when properly configured in a "Protect" or "Block" mode, stop the execution of malware. This aligns with the Cisco SDSI objective of building a layered defense that combines perimeter traffic control with granular file-level security.
NEW QUESTION # 27
A manufacturing company experienced a security breach that resulted in sales data being compromised. An engineer participating in the investigation must identify who logged into the sales system during the affected period. Which approach must be used to gather the information?
- A. AAA
- B. NACM
- C. PKI
- D. SNMP
Answer: A
Explanation:
In the aftermath of a security breach, forensic investigators rely on the Accounting portion of AAA (Authentication, Authorization, and Accounting) to reconstruct a timeline of events. While Authentication verifies identity and Authorization defines permissions, Accounting is the specific framework used to track user activity, including login/logout times and the specific commands executed during a session.
According to Cisco Security Infrastructure design objectives, implementing a centralized AAA solution (such as Cisco Identity Services Engine (ISE) or a TACACS+/RADIUS server) is critical for accountability. In this scenario, the engineer would query the AAA logs to identify exactly "who" accessed the sales system during the compromise period. SNMP (Option A) is primarily for network monitoring and performance data, not granular user access logs. NACM (Option B) is an access control model for NETCONF but doesn't provide the broad auditing required here. PKI (Option D) provides the certificates used for digital signatures and encryption but does not log the historical "session" data needed for the investigation. Therefore, AAA is the fundamental architectural requirement for ensuring non-repudiation and providing the audit trail necessary to satisfy risk management and incident response requirements.
NEW QUESTION # 28
A financial company uses a remote access solution that directs all traffic over a secure tunnel. The company recently received some large ISP bills from the headquarter location. According to traffic analysis during the investigation, most of the network traffic was due to employees spending a lot of time on video conferences provided by a SaaS collaboration company. What must the company modify to reduce the cost without negatively impacting security or employee experience?
- A. Block the video conferencing app when connected on VPN.
- B. Reduce the video resolution size permitted within the SaaS application.
- C. Split-exclude the video SaaS application from the VPN.
- D. Suggest users to disconnect from the VPN when on video calls.
Answer: C
Explanation:
In a Full Tunnel VPN configuration, all traffic from the remote client is sent to the VPN headend before being routed to its final destination. This often results in "hairpinning," where high-bandwidth latency-sensitive traffic, such as video conferencing, travels to the corporate data center only to be sent back out to the internet, doubling the bandwidth consumption at the headquarter's ISP link.
To resolve this, the company should implement Split-Exclude tunneling. This configuration allows the VPN administrator to define specific applications or IP ranges (in this case, the SaaS video platform) that should bypass the secure tunnel and go directly to the internet via the user's local ISP. This significantly reduces the load on the corporate headquarter's internet connection and often improves the "employee experience" by reducing latency for the video stream. Unlike Option A, which degrades quality, or Option C/D, which disrupts workflow and security posture, split-excluding trusted SaaS traffic maintains a high security standard for internal resources while optimizing infrastructure costs. This aligns with the Cisco SDSI objective of designing scalable and cost-effective remote access solutions using Cisco Secure Client (AnyConnect) and Firepower Threat Defense (FTD) policies.
NEW QUESTION # 29
A developer is building new API functions for a cloud-based application. Before writing the code, the developer wants to ensure that destructive actions, including deleting and updating data, are properly protected by access control identifying sensitive fields such as those that contain passwords or personally identifiable information. Which approach must be used to score the risks proactively?
- A. Open API Specification Analysis
- B. SBOM Generation
- C. CSPM
- D. SAST
Answer: A
Explanation:
Open API Specification Analysis evaluates API definitions before code is written, identifying risky endpoints (such as delete or update functions) and sensitive fields (like PII or passwords). This allows developers to proactively score risks and apply proper access controls early in the design phase.
NEW QUESTION # 30
An oil and gas company recently faced a security breach when an employee's notepad, which contained critical login credentials, was stolen. The incident led to unauthorized access to a user account, which posed a significant risk to sensitive company data and operations. The company wants to adopt a security measure that enhances user account protection. Which action must be taken to prevent breaches like this from happening in the future?
- A. Configure a password expiration policy.
- B. Implement single sign-on.
- C. Implement MFA
- D. Update the RADIUS server.
Answer: C
Explanation:
Multi-Factor Authentication (MFA) strengthens user account security by requiring additional verification factors beyond passwords, such as tokens or biometrics. Even if credentials are stolen, MFA prevents unauthorized access, directly addressing the breach scenario.
NEW QUESTION # 31
Which two controls help detect drift in IaC-managed infrastructure? (Choose two.)
- A. DHCP snooping
- B. Manual change log entries
- C. Continuous configuration monitoring
- D. Immutable infrastructure patterns
Answer: C,D
Explanation:
Continuous configuration monitoring detects deviations from IaC definitions, while immutable infrastructure minimizes drift by replacing resources instead of modifying them in place.
NEW QUESTION # 32
A software development company relies on GitHub for managing the source code and is committed to maintaining application security. The company must ensure that known software vulnerabilities are not introduced to the application. The company needs a capability within GitHub that can analyze semantic versioning and flag any software components that pose security risks. Which GitHub feature must be used?
- A. Artifact attestations
- B. GitHub Actions
- C. Depend-a-bot
- D. Sealed boxes
Answer: C
Explanation:
Dependabot is a GitHub feature that automatically scans project dependencies, analyzes semantic versioning, and flags or updates components with known vulnerabilities. This prevents insecure software libraries from being introduced into the application.
NEW QUESTION # 33
An administrator at a large university wants to ensure that the new employees have the right level of access when they are onboarded. The administrator asked the team to configure the cloud environment and ensure that new employees have the appropriate access based on their roles and responsibilities. Which technique must be recommended to ensure the right level of access?
- A. VPN
- B. security groups
- C. identity access management
- D. network access control list
Answer: C
Explanation:
In a modern cloud and campus environment, managing the lifecycle of an identity is the cornerstone of a secure architecture. Identity and Access Management (IAM) is the comprehensive framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources. According to the Cisco SDSI objectives, IAM is the primary mechanism used to transition from manual, error-prone onboarding to a policy-driven approach based on roles and responsibilities.
IAM solutions allow administrators to define digital identities and associate them with specific roles (Role-Based Access Control). When a new employee is onboarded, the IAM system automatically provisions access to the necessary cloud applications and data based on their department or job function. This ensures the principle of least privilege is maintained from day one. While Security Groups (Option B) and Network Access Control Lists (ACLs) (Option D) are important technical controls for filtering traffic at the network layer, they do not manage the identity lifecycle or the complex mapping of users to application permissions. A VPN (Option C) provides a secure tunnel for remote access but does not define what a user can do once they are inside the network. IAM provides the central control plane for identity-centric security, which is essential for a large university environment with high user turnover and diverse access requirements.
NEW QUESTION # 34
A software development company relies on GitHub for managing the source code and is committed to maintaining application security. The company must ensure that known software vulnerabilities are not introduced to the application. The company needs a capability within GitHub that can analyze semantic versioning and flag any software components that pose security risks. Which GitHub feature must be used?
- A. Artifact attestations
- B. GitHub Actions
- C. Depend-a-bot
- D. Sealed boxes
Answer: C
Explanation:
In modern DevSecOps, managing third-party dependencies is a major security challenge. Dependabot (often stylized as Depend-a-bot) is the specific GitHub feature designed to automate the identification and updating of vulnerable dependencies. It works by scanning the application's manifest files (like package.json or requirements.txt) and analyzing the semantic versioning of the included libraries.
When a known vulnerability (CVE) is reported in a specific version of a library used by the application, Dependabot flags the security risk and alerts the development team. Most importantly, it can automatically generate pull requests to upgrade the dependency to the minimum secure version that resolves the vulnerability. This ensures that the application remains secure without requiring manual tracking of every third-party component.
While GitHub Actions (Option C) can be used to run security scanners (like SAST tools), it is a general automation framework, not a dedicated dependency analysis tool. Artifact attestations (Option D) are used to prove the provenance and integrity of a build, and Sealed boxes (Option B) is not a standard GitHub security feature related to vulnerability scanning. Utilizing Dependabot directly supports the Cisco SDSI objective of "Securing the CI/CD pipeline" by proactively managing the Software Bill of Materials (SBOM) and ensuring that vulnerable components do not reach the production environment.
NEW QUESTION # 35
A security engineer on an application design team must choose a framework of attack patterns to evaluate during threat modeling. Which framework provides the common set of attacks?
- A. MITRE CAPEC
- B. Cisco SAFE
- C. SOC2
- D. GDPR
Answer: A
Explanation:
MITRE CAPEC (Common Attack Pattern Enumeration and Classification) provides a standardized catalog of attack patterns. It is specifically designed for use in threat modeling and application design, allowing security engineers to anticipate and evaluate common attacks.
NEW QUESTION # 36
A global marketing firm, based in California with customers on every continent, suffered a data breach that exposed employee and customer PII. Which regulations is the company in danger of violating?
- A. ISO27001
- B. GDPR
- C. FedRamp
- D. ISO SP800-53
Answer: B
Explanation:
Since the company serves customers on every continent, including the European Union, exposing customer PII puts it at risk of violating the General Data Protection Regulation (GDPR). GDPR applies globally to any organization handling EU residents' personal data, regardless of where the company is based.
NEW QUESTION # 37
A construction company recently introduced a BYOD policy, where contractors can bring personal devices and connect to the wireless network. The network engineer configured a Wi-Fi network with a guest splash page to provide internet access only. Although the policy was limited to wireless devices, contractors started bringing devices that needed wired connections without authorization and connecting to the network. The network team suggested shutting down ports where unauthorized devices are connected. Which technology must be implemented to ensure that wired and wireless devices are granted network access only after successful authentication?
- A. 802.1x
- B. private VLANs
- C. VACLs
- D. VxLANs
Answer: A
Explanation:
To secure both wired and wireless access points against unauthorized devices, the industry-standard framework is IEEE 802.1x. This technology provides port-based network access control (PNAC), ensuring that no traffic, wired or wireless, is forwarded by the switch or access point until the device or user has been successfully authenticated by a central authority, typically a RADIUS server like Cisco Identity Services Engine (ISE).
In an 802.1x architecture, the device (Supplicant) must provide valid credentials or certificates to the switch/AP (Authenticator). The Authenticator then communicates with the Authentication Server to verify the identity. If authentication fails, the port remains in a "closed" state, effectively preventing the unauthorized "rogue" wired connections mentioned in the scenario. This approach is far more scalable and dynamic than manually shutting down ports or using VACLs (Option C), which are static filters based on IP or MAC addresses. VxLANs (Option A) are used for network virtualization and overlay tunneling, while Private VLANs (Option B) provide Layer 2 isolation within a subnet but do not verify identity. By implementing 802.1x, the construction company establishes a robust "gatekeeper" at the hardware level, satisfying the Cisco SDSI objective of securing the network edge through identity-based access control for a diverse set of devices.
NEW QUESTION # 38
Refer to the exhibit.
A software developer noticed that the application source code had been found on the internet. To keep such an incident from happening again, the developer applied a DLP policy to prevent source code from being uploaded into generative AI tools like ChatGPT. When testing the policy, the developer noticed that it is still possible for the source code to be uploaded. Which action must the developer take to prevent this issue?
- A. Modify the data classifications.
- B. Enable the rule.
- C. Move the ChatGPT Source Code rule to the bottom.
- D. Change the DLP action from Monitor to Block.
Answer: D
Explanation:
In the provided exhibit of the Cisco Data Loss Prevention (DLP) Policy interface (likely within Cisco Umbrella or a similar cloud security gateway), the reason for the policy's failure to stop the upload is clearly visible in the "Action" column. The rule named "ChatGPT Source Code" is currently configured with the action set to Monitor.
According to the Cisco SDSI v1.0 objectives regarding application and data security, the Monitor action is designed for visibility and auditing. It allows the traffic to pass through while generating a log entry for security analysts to review. This is often used during an initial "discovery" phase to understand how data is moving without disrupting business processes. However, to fulfill the requirement of preventing the unauthorized upload of sensitive data, such as application source code, the policy must be enforcement-centric.
By selecting Option D, the developer changes the action from "Monitor" to Block. In "Block" mode, the DLP engine will actively intercept the web request to ChatGPT, inspect the content for "Source Code" classifications, and drop the connection if a match is found, thereby preventing the data from leaving the corporate environment. While moving rules (Option B) can resolve conflicts if a "Block" rule is superseded by an "Allow" rule higher in the list, the primary issue here is the non-restrictive action of the specific rule itself. Modifying data classifications (Option C) is unnecessary if the engine is already correctly identifying the source code, as evidenced by the successful monitoring logs mentioned in the scenario. Changing the action to Block is the definitive step to ensure data integrity and prevent intellectual property theft.
NEW QUESTION # 39
Which tool is used by a SOC analyst to quarantine an endpoint?
- A. flow collector
- B. syslog
- C. Cisco XDR
- D. load balancer
Answer: C
Explanation:
In the event of a confirmed compromise, a SOC analyst must act quickly to prevent lateral movement. Cisco XDR (Extended Detection and Response) is the integrated security platform designed to provide cross-layered detection and automated response actions across the network, endpoint, and cloud. One of the most critical response actions within XDR is the ability to quarantine or isolate an endpoint.
Cisco XDR integrates with endpoint security agents (like Cisco Secure Client) and network infrastructure (like Cisco ISE). From a single interface, an analyst can trigger a "Host Isolation" command. This command instructs the endpoint agent to block all network traffic except for communication with the security console, effectively putting the device in digital quarantine. This is much faster and more effective than manually tracking down the device. A flow collector (Option A) and syslog (Option B) are diagnostic tools used for visibility and logging; they cannot take active enforcement actions. A load balancer (Option C) manages traffic distribution for applications and is irrelevant to endpoint containment. Cisco XDR fulfills the SDSI objective of "Securing Infrastructure through Automation," allowing SOC teams to mitigate threats at scale through coordinated response workflows.
NEW QUESTION # 40
Which tool is used to collect, analyze, and visualize logs from network devices, endpoints, and other sources in an enterprise?
- A. Splunk
- B. Cisco Web Security Appliance
- C. Cisco Email Security Appliance
- D. Cloud Observability
Answer: A
Explanation:
Splunk is a SIEM and log management tool used to collect, analyze, and visualize logs from diverse sources such as network devices, endpoints, and applications. It provides centralized visibility for security monitoring and incident response.
NEW QUESTION # 41
Which design policy addresses harmful content creation by generative AI?
- A. retrieval augmented generation
- B. quantum resistant encryption
- C. human in the loop
- D. watermarking
Answer: D
Explanation:
Watermarking is a generative AI design policy that embeds hidden identifiers into AI-generated content. This helps address the risk of harmful content creation by enabling traceability and accountability, making it easier to detect and regulate malicious or misleading AI outputs.
NEW QUESTION # 42
An agricultural company wants to enhance the cybersecurity posture by implementing a defense-in-depth strategy to protect against polymorphic malware threats. Currently, the company's security infrastructure relies solely on a stateful traditional edge firewall that does not provide adequate protection against malware variants. Which technology must be added to the company's security architecture to achieve the goal?
- A. network performance monitor
- B. physical security control
- C. heuristics-based IPS
- D. web application firewall
Answer: C
Explanation:
Polymorphic malware is particularly dangerous because it constantly changes its identifiable features (such as its file name or encryption keys) to evade traditional signature-based detection. A stateful traditional firewall is ineffective here as it primarily checks packet headers rather than inspecting the payload for malicious intent. To defend against these variants, a heuristics-based IPS (Intrusion Prevention System) is required.
Unlike traditional IPS systems that look for an exact match of a known threat "signature," heuristics-based systems look for suspicious characteristics or behaviors. For example, if a file attempts to modify system registries in a specific sequence or uses obfuscation techniques common to malware, the heuristics engine will flag and block it even if it has never seen that specific version of the malware before. This is a core component of Cisco Secure Firewall (NGFW). While a WAF (Option A) protects web applications and a Network Performance Monitor (Option C) provides visibility into traffic speeds, neither is designed to combat evolving malware. Adding a heuristics-based IPS provides the "deep packet inspection" layer necessary for a true defense-in-depth strategy, ensuring the agricultural company is protected against modern, evasive cyber threats.
NEW QUESTION # 43
Refer to the exhibit. In addition to SSL decryption, which firewall feature allows malware to be blocked?
- A. SSL Offloading
- B. DLP
- C. File Inspection
- D. URL Filtering
Answer: C
Explanation:
In the exhibit, SSL decryption is already enabled, which allows encrypted traffic to be inspected. To block malware hidden within decrypted traffic, the next required feature is File Inspection. This function analyzes files passing through the firewall to detect and stop malicious content.
NEW QUESTION # 44
A financial company is in the process of upgrading network access across the entire company.
The solution must ensure:
- least privilege access
- control access across different network segments
- increased security for employers
Which solution approach must the company take?
- A. RBAC
- B. PKI
- C. SNMP
- D. NetFlow
Answer: A
Explanation:
Role-Based Access Control (RBAC) enforces least privilege access by granting permissions based on roles, not individuals. It also provides centralized control across network segments, ensuring employees only have the access necessary for their responsibilities, thereby increasing overall security.
NEW QUESTION # 45
Which financial reporting regulatory framework must a publicly traded company doing business in the US comply with?
- A. SOC
- B. SOX
- C. HIPAA
- D. FEDRAMP
Answer: B
Explanation:
The Sarbanes-Oxley Act of 2002 (SOX) is a mandatory federal law that all publicly traded companies in the United States must comply with to ensure the accuracy and reliability of their corporate financial reporting. Within the Cisco Security Infrastructure (300-745 SDSI) framework, SOX is a critical driver for designing secure architectures, particularly regarding access control, data integrity, and auditing. Sections 302 and 404 of the act are of particular importance to IT security teams, as they mandate that corporate officers certify the effectiveness of internal controls over financial reporting.
To satisfy SOX requirements, a security designer must implement robust logging and monitoring to ensure that financial data cannot be altered without authorization. Technologies such as Cisco Identity Services Engine (ISE) for role-based access control and Cisco XDR for centralized visibility are often utilized to provide the necessary audit trails. Unlike HIPAA (Option A), which focuses on protected health information, or FedRAMP (Option D), which applies to cloud service providers for the federal government, SOX is a broad financial regulatory requirement. While SOC (Option C) reports (such as SOC 2) are independent auditing standards often requested by businesses to verify service provider controls, they are not the federal law itself. Therefore, SOX remains the primary regulatory framework governing the security and integrity of financial reporting systems for public entities in the U.S.