ExLearner

Hi All, Passed the exam. CD247 is still valid. There are very few questions which are in PL. Both given in previous pages by multiple people. Just check the answers yourselves. Quick search the question in google shows you discussions on examtopic.com. They are useful. Good luck.

I don't agree with this either. B is secure data at REST. POS/POI terminals' TLS encryption of traffic is nothing to do with data at rest . Secure admin access to POI/POS terminals (with TLS) does.

I don't agree. MACSec performance is inversely correlated to packet size. Ref: [Hidden Content]

This one is wrong both in CD247 (Q14) and PL292 (Q248). A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements as it is running TLSv1.0 The customer plans to migrate the terminals to TISv1.2 What are two requirements to complete the migration? (Choose two ) A. Ensure that strong cryptography is applied for users who have administrative access through networks B. Apply strong cryptography & security protocols to safeguard sensitive cardholder data C. Apply strong encryption for transmission of cardholder data across public networks D. Protect all user systems against Malware and frequently updating antivirus software E. Maintain a policy that addresses information security for employees and third parties The answer should be A & C. It asks what are the two PCI DSS requirements which are the reasons of this TLSv1.2 upgrade. TLS is about transporting data securely. Only A & C is related to transporting the encrypted data. Answer is also clearly stated in this article "What this means for PCI DSS" section: [Hidden Content]

thanks buddy for the update! congrats!

We have this in 3 questions. Cisco Zero Trust model for Workforce, Workload, Workplace: ------------------------------------------ Cisco Zero Trust for Workforce 1-Verify identity of users 1a-Multi-factor authentication (MFA) 2-Ensure trustworthiness of devices 2a-Endpoint posture & context visibility 3-Enforce risk-based and adaptive access policies 3a-Per application access policies that vary based on risk tolerance levels ------------------------------------------ Cisco Zero Trust for Workload 1-Visibility and behavior modeling 1a-Application discovery and dependency maps 1b-All Processes, cmds, files, users and network comms 2-Per workload, micro-segmentation policy 2a-Automated, context-based,segmentation policy 2b-Consistent policy: Any workload, Anywhere 3-Real-time security health of workloads 3a-Security visibility and health score 3b-Vulnerability, anomaly, forensic and threat data ------------------------------------------ Cisco Zero Trust for the Workplace: 1-Discover and classify devices 1a-IoT device profiling 1b-BYOD lifecycle management 1c-User device Posture 2-Context-based network access control policy for users and things 2a-Dynamic precise policies 2b-Group-based (SGT) 3-Continuous security health monitoring of devices 3a-Continuous Posture 3b-Vulnerability assessments 3c-Indications of compromise Ref: [Hidden Content]

PL QUESTION 267 - An enterprise wants to provide low-cost delivery of network systems that can be scaled on business demand, followed by an initiative to reduce capital expenses for new IT equipment. Which technology meets these goals? A. IaaS within an on-premises location B. SaaS within an on-premises location C. IaaS within a private cloud D. PaaS within a public cloud PL Answer: D but I think IaaS within a private cloud is the answer. They need to deliver network systems. Not sure exactly what it means but it doesn't sound like something you can put on a platform but an infrastructure...

PL QUESTION 247 A product manufacturing organization is integrating cloud services into their IT solution. The IT team is working on the preparation phase of the implementation approach, which includes the Define Strategy step. This step defines the scope of IT, the application, and the service. What is one topic that should be considered in the Define Strategy step? A. due diligence and financial scenarios B. innovate and align with business according to volume C. contingency exit strategy steps D. financial and governance models PL Answer: C Seems to be D according to this ref document: [Hidden Content]

This is really tricky: I changed my views on the matter so I'm editing it. PL QUESTION 221: Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.) A. uses FEC constructs for traffic forwarding, thereby improving efficiency B. separates infrastructure and policy C. uses policy-based forwarding of real-time traffic with less complexity D. unifies the WAN backbone E. manages failures through backup links C & D are correct. I think in B, means it's actually marry/bring close the policy with infrastructure than MPLS. Steers real-time traffic based on centralised policy and unifies the WAN backbone are correct. Ref: [Hidden Content]

PL QUESTION 218: Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size? A. MACsec B. IP source guard C. DHCP snooping with DAI D. IPsec PL Answer: A Actually B. Most people agree: [Hidden Content]

be careful on this one. It seems like the answer is not as PL. [Hidden Content] Ref: [Hidden Content]

Thanks Leonardo. Congratulations. I think in that drag and drop, although Loose Mode allows to filter the Bogon IP addresses, it checks the source against the FIB without regard for the specific interface on which it was received... So I would select that option. Ref: " ... Unicast RPF was modified from its original strict mode implementation to check the source addresses of each ingress packet without regard for the specific interface on which it was received. This modification is known as “loose mode.”" ... "Loose mode removes the match requirement on the specific ingress interface, allowing Unicast RPF to loose-check packets." ... "check the source IP address of ingress packets to determine whether they exist in the FIB. If they exist, the packets are forwarded. If they do not exist in the FIB, the packets fail and are dropped." [Hidden Content]

Funny moments: PassLeader question 25 and 231. Same question, different answers 😉 Come on PL.

Leonardo, look at both, (search the few words from question on the other) and also search the question in google. it's show the question in examtopics.com. see if they are different and read the discussion under the question in there. you'll figure it out. some questions are really dubious.

anyone passed recently? I'm planning to take it next week. currently working on the CD247.