Network Security

Worms can be classified as a type of computer virus that needs a third party or a user to replicate and spread through the system.

• True
• False

True or False? 802.1X can be configured on all switch interfaces, including Layer-3 interfaces.

• False
• True

A ………….. is a program that can infect other programs by modifying them, the modification includes a copy of the virus program, which can go on to infect other programs.

• VIRUS

Always disable unnecessary features of the web server that are not going to be used

• True
• False

You can configure user rights on the system, auditing, and other security settings such as creating a logon banner

• Local Policies
• User Settings
• Account Policies

It's anything that can interrupt the operation, functioning, integrity, or availability of a network or system.

• Threat
• Vulnerabilities
• Malware
• Attack

These are what make networks prone to information loss and downtime

• VULNERABILITIES

Why is RADIUS or TACACS+ needed? Why can’t the end user authenticate directly to the authentication server?

• Both RADIUS and TACACS+ extend the Layer-2 authentication protocols, allowing the end user to communicate with an authentication server that is not Layer-2 adjacent
• Because the names sound so cool.
• RADIUS and TACACS+ are used between the end user and the authentication server.
• The added level of complexity helps Cisco and other vendors to sell more products.

It ensure that the essential and vital services are only running on the system

• SERVICES RUNNING

is a crucial security update that you should always apply to your system

• Security hot-fix

A type of malware that automatically sends advertisements to the users.

• Adware

File system that has a features like permissions, encryption, quotas, and auditing services.

• NTFS

This is data being transported on a network.

• a. antidote
• b. worm
• c. traffic
• d. virus

Which of the following are types of AAA as related to the topics of this exam?

• Device access
• A division of minor league baseball
• Network administration
• Device administration
• Network access

It is a security concern because most scripting languages can make some alteration to your system.

• Cookies
• Cross-site scripting
• Scripting
• Java

It is another term for a runtime error

• Exception

It serves as a proof and verifies that you are the person you say you are or what you claim to be.

• Availability
• Authentication
• Authorization
• Accountability

Which three probes exist with device sensor?

• CDP, DHCP, RADIUS
• CDP, HTTP, SNMP
• CDP, DHCP, LLDP
• HTTP, CDP, RADIUS

It has been developed by ISO in the year 1984.

• ISO Reference Model
• 0SI Reference Model
• OS1 Reference Model
• OSI Reference Model

It is the foundation for all security policies.

• Security Trinity
• Prevention
• Detection
• Response

All the following are type of addresses except -__________.

Networking device that has a filtering feature where it sends the traffic only to the port of the destination device.

• Switch

Which of these are not part of security model that is very popular to information security.

• Integrity
• Confidentiality
• Availability
• Assurance

It is an advanced method of handling an error.

• Exception Handling

In computer security, …………………….. means that the information in a computer system only be accessible for reading by authorized parities.

• confidentiality

It is a security solution by organization to notice any malicious activity in a network.

• Network Detection

Network security is the practice of preventing and protecting against unauthorized intrusion into corporate networks.

• True

It means that the developer checks all the data to make sure that the information provided by the user in the application is valid and correct.

• try/catch block
• Input Validation
• Exception Handling

Which of the following are not part of OSI Layer?

• Transfer Layer
• Physical Layer
• Presentation Layer
• Session Layer

It was the first generation security standard for wireless network.

• a. WEP
• b. WRT
• c. ASC
• d. AST

Data Link Layer enables data transfer between two devices on the same network.

• True
• False

True or False? The profiling service is enabled by default on ISE policy service nodes.

• False
• True

any program design to damage specific file or computer system.

• Virus
• Malware

What is the name of the “secure cookie” used with EAP-FAST that can be used in lieu of a certificate, or even in addition to a certificate?

• Private authorization credential (PAC)
• Protected access credential (PAC)
• Protected password file (PPF)
• Shadow credential file (SCF)

If the network isn't a line or a point: it's a _____________.

• a. territory
• b. protected
• c. server down

It could be exploited because of an encryption key that was vulnerable to decoding.

• a. WSP 75
• b. WEP 64
• c. WEP 65
• d. WSP 90

Which command will validate that authentications are being attempted, which authentications are successful, and which authorization results have been assigned?

• show authentication method dot1x
• show authentication statistics
• show aaa servers
• show authentication session interface <interface>

True or False? RADIUS can be used for device administration AAA.

• False
• True

This layer is also called human-computer interaction layer.

• APPLICATION LAYER

Which one is not a component of fiber optics?

You must be able to identify when the configuration has changed or when some network traffic indicates a problem.

• Detection

When configuring a Cisco Wireless LAN Controller (WLC) for communication with ISE, what must be configured for the wireless LAN (WLAN)? (Choose two.)

• The WLAN must be configured for SNMP NAC.
• The authentication and authorization RADIUS servers can be pointed to different ISE PSNs, as long as those PSNs are part of a node group.
• The WLAN must be configured for RADIUS NAC.
• The authentication and authorization RADIUS servers can be pointed to the same ISE PSN.

True or False? The supplicant is required to trust the certificate of the authentication server before it will form the TLS tunnel within which the EAP transaction will occur.

• True
• False

Another term for Port security.

• MAC limiting

It is a special system used in industrial environments and settings to monitor their operations

• SCADA
• Android
• Mainframe
• Embedded

State whether true of false. i) A worm mails a copy of itself to other systems. ii) A worm executes a copy of itself on another system.

• TRUE,TRUE

It is anything that can disrupt the operation, functioning, integrity, or availability of a network or system

• Threat

Which host mode will permit a virtually unlimited number of endpoints per port, allowing all subsequent MAC addresses to share the authorization result of the first endpoint authorized?

• MDA
• Multi-Auth
• Single Mode
• Multi-Host

This is an enhanced encryption protocol combining a 104-bit key and a 24-bit initializing vector.

• a. WSP 130
• b. WEP 128
• c. WEP 130
• d. WSP 128

Any form of security incident that is properly handled can and eventually will turn into a bigger problem.

• True
• False

True or False? A machine authentication may use EAP-FAST.

• True
• False

Stephen Northcutt wrote an essay on the basics of network security for CS) online last year.

• False

True or False? ISE deployments must wait for Feed Service updates for new profiles.

• False
• True

It is a combined set of components for collecting, storing and processing data and for providing information, facts and knowledge.

• Computer System
• Database Management System
• Information System

Which of the following is true?

• The authenticator decides whether the supplicant is allowed on the network.
• The authenticator uses EAP to send the user’s credentials to the authentication server.
• The EAP communication occurs between the supplicant and theauthentication server.
• The supplicant uses RADIUS to communicate the user’s identity to the authentication server.

Which of these are not part of the two categories of Group Policy. (Choose any that applies)

• User settings
• Security settings
• Window settings
• Computer settings

It is a self-replicating program that is harmful to networks.

• worm

These layers work together to transmit the data from one person to another world wide.

• ISO Layer
• OS1 Layer
• OSI Layer
• 0SI Layer

What is the purpose of adding a user with the username radiustest password password command?

• Without the local username and password in the configuration, an administrator can be locked out of the switch when the RADIUS server is unavailable.
• The switch can send periodic RADIUS Access-Requests to the AAA servers to verify whether they are still alive. The username and password will be used for that test.
• The username and password are used for the local RADIUS server available in the switch, which is used in WAN down scenarios.
• The username and password are used for the supplicant’s outer identity to authenticate against the switch local user database.

Worm has the ability to replicate itself without a host program and spread independently while viruses rely on human activity to spread and damage a system or file.

• True
• False

Which of the following items are not valid terms for the names of the 7 OSI layers?

• a. transmission
• b. application
• c. session
• d. data link

These are the events or attacks that remove, corrupt, deny access to, allow access to, or steal information.

• a. data security attacks
• b. code security attacks
• c. external security attacks
• d. internal security attacks

Networking device that sends the packets to every one of its ports to ensure that it will reach its intended destination.

• HUB

It provides data routing paths where data will take for network communication.

• Network Layer
• Session Layer
• Data Link Layer
• Physical Layer

Is a service responsible for sending messages to other computers or users.

• Messenger service

It is a core feature of Windows that permits the network administrator to enable and disable different features in Windows

• Group Policy

OSI Layer that is sometimes called HCI layer.

• Application Layer

Type of malware that may contain an attachment to an email that loads malware onto your computer system.

• PHISHING

Which of the following protocols is best suited for granular command level control with device administration AAA?

• DIAMETER
• RADIUS
• TACACS+
• RADIUS+

Which of the following best describes an AV-pair?

• When communicating with an AAA protocol, the AV-pair stipulates a common attribute or object and its assigned value.
• Cisco likes to throw in terms to confuse the reader.
• The AV-pair is used to specify the quality of service (QoS) for audio and video traffic.
• The AV-pair is used to choose either TACACS+ or RADIUS.

The following codes is an example of?

• block syntax
• handling errors
• try/catch block
• Exception handling

“Imagine the status/service of a bank if its customers are unable to make transactions using their accounts “.This scenario refers to what goals of network security ……..

• Confidentiality

Large volume of data is also known as

• Big Data

This attack uses any password-cracking software to mathematically calculate every possible password.

• Hybrid Attack
• Dictionary Attack
• Brute-Force Attack

These are created with malicious intent and sent by attackers.

• a. antidote
• b. saving mode
• c. virus
• d. worm

You should configure your systems and networks as correctly as possible.

• Protection

Which of these are not part of the reason why network security is important (Choose all that applies)

• To gain a competitive advantage
• To expose company assets
• To keep your job as network administrator
• To take advantage of competitors confidential information

To avoid and prevent this type of attack, users should always choose the “Remember Me” option when logging in to any web site.

• True
• False

This network configuration has a Star Topology.

• a. No, it is a ring topology
• b. Yes, it is a star topology

How are updated profiles distributed to customer ISE deployments?

• The profiles are distributed together with the posture checks and compliance modules.
• Import the update packs that are downloaded from Cisco.com.
• Cisco’s Profiler Feed Service.
• Each new version of ISE or ISE patch includes new profile policies.

An attack that allows any unauthorized users a way or passage to get inside a restricted area.

• Tailgating

These are logon information from all the websites you visit and is stored in memory on computer

• Cookies

A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted "tunnel" across the open internet.

• vpn

Which network topology requires terminators?

• a. bus network
• b. star network
• c. ring network

It helps prevent attackers from monitoring or recording traffic between resources and computers.

• a. data saving mode
• b. open encryption
• c. data encryption
• d. security code

SQL stands for?

• Structure Query Language
• Structured Query Lanquage
• Structure Query Languaqe
• Structured Query Language

it is the one managing the computer hardware resources in addition to applications and data.

• Application Software
• Operating System
• Information System
• System Software

Availability refers to the ability of a network to protect its information from any unauthorized access.

• True
• False

It helps keep data and equipment safe by giving only the appropriate people access.

• network security

It uses available resources, such as passwords or scripts.

• a. unstructured attacks
• b. common attacks
• c. structured attacks
• d. open attacks

Which network topology is the fastest?

• a. bus network
• b. star network
• c. ring network

Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access.

• True

Which of the following protocols is best suited for authenticating and authorizing a user for network access AAA?

• CHAP
• MS-CHAPv2
• RADIUS
• TACACS+

This is an improved version of WEP.

• a. GIP
• b. VLC
• c. GPS
• d. WPA

Software that makes each network devices works and do its job is called?

• Firmware

It is an act that exploits a vulnerability.

• ATTACK

If there's one common theme among security experts, it's that relying on one single line of defense is dangerous, because any single defensive tool can be defeated by a determined adversary.

• defense in depth strategy

It is a type of an injection attack that makes it possible to insert and execute malicious SQL statements

• Buffer Overflow
• SOL Injection
• SQL Injection

As a philosophy, it complements midpoint security, which focuses on individual devices; preventive security instead focuses on how those devices interact, and on the connective tissue between them.

• False

Identify which of the following is NOT a potential risk to the network security.

• Anti-virus Protection

After identifying problems quickly, you must respond to them and return to a safe state as rapidly as possible.

• Reaction

When configuring a Cisco switch for 802.1X, at which level of the configuration do the 802.1X-related commands exist?

• Both at global configuration level as well as per interface.
• Global configuration only.
• Enabling 802.1X changes the context to a dot1x subconfiguration mode, where all related commands are entered.
• Interface configuration only.

In implementing network security, company should invest more in preventing or avoiding any security breach over detecting and responding to any form of attack

• True
• False

Name three ways in which an endpoint profile can be used in an authorization policy rule?

• EndPointPolicy attribute
• Logical profiles
• NMAP OS-Scan result
• EndPointProfile attribute
• Endpoint identity groups

The goal of ______________ is to reduce the exposure of the organization to malicious code.

• Access control

It has an additional ability where they can modify security settings of a software.

• Spyware
• Adware
• Malware
• Ransomware

An alternative way to access software or hardware, typically unauthorized and implanted by intelligence agencies.

• Backdoor

Two different devices can communicate with each other regardless of the manufacturer as long as they have the same protocol.

• True
• False

Which ISE tool enables an administrator to drill down in to the profiles that have been assigned to locate a specific endpoint with that profile?

• Profiler Activity Window
• Endpoints Drill-down
• Cisco Endpoint Profiling Examination Tool (CEPET)
• Profiled Endpoints Counter

Based with SANS Technology Institute, it is the process of making preventative measures to keep the underlying networking infrastructure from any unauthorized access.

• Network Security
• Application Security
• Security
• Cyber Security

Layer that is responsible for establishing and maintaining connections.

• Network Layer
• Presentation Layer
• Physical Layer
• Session Layer

An abbreviation that is consider as the brains of the computer.

• CPU

When using RADIUS, what tells the AAA server which type of action is being authenticated?

• The action AV-pair.
• RADIUS does not distinguish between different services.
• The Service-Type field.
• The TACACS+ service.

True or False? A tunneled EAP type is able to use native EAP types as its inner method.

• False
• True

Which of the following best describes the difference between authentication and authorization?

• Authorization determines what a user may do, whereas an authentication determines what devices the user can interact with.
• Authentication validates the user’s identity, whereas authorization determines what that user is permitted to do.
• Authentication is used with both network access and device administration, whereas authorization applies only to device administration.
• There is no difference between authentication and authorization.

An attack where the hacker mimics another employee in the company.

• Impersonation

It is a type of reporting method that is used to report critical events that typically require some form of actions from the system or network administrator.

• Alarms

It is the connection of two or more computer that share its resources

• Network

A software that can detect malware.

• Application Software
• Firewall
• Antivirus Software
• Scanner

Which of the following is independent malicious program that need not any host program?

• Worm

This layer involves devices such as router, UTP Cables and other networking devices to transfer data.

• Data Link Layer
• Physical Layer
• Transport Layer
• Session Layer

The following are the goals of network security, EXCEPT;

• Threat Assessment

Which interface-level command is the equivalent of “turn authentication on”?

• aaa server radius dynamic-author
• dot1x system-auth-control
• authentication port-control auto
• ip device-tracking

True or False? Cisco switches should be configured in production to send syslog messages to the ISE MNT node.

• False
• True

What are the signs and symptoms that your device/s are getting infected by any malware. (Choose all that applies)

• Slower computer performance
• Software freezes or crashes
• Increased CPU usage
• Appearance of strange desktop icons

Refers to the information system which ensures that the information remains accurate.

• Integrity

Brute force attack are often successful because most of the users uses different ordinary words as their passwords.

• False

It will help the company to provide a better strategy in keeping a data secured while avoiding intruders to alter or steal important and confidential information.

• CIA Triad of Information
• Security Trinity
• Network Security
• Network Administrator

Any form of security incident that is not properly handled can and eventually wont turn into a bigger problem that will lead to a damaging data breach and wont cause large amount of expense or it will collapse the whole system

• False

Software vendors used to find out about the vulnerabilities of their system after receiving some reports from their users.

• True
• False

____________ is used to describe those hackers who use their computer skills with malicious intent for illegal purposes or nefarious activities.

• Black hat

This refers to the events or attacks that steal, damage, or destroy equipment.

• a. internal security threats
• b. social security threats
• c. external security threats
• d. physical security threats

What are the three main components of IEEE 802.1X?

• Supplicant, authorizer, authorization server
• EAP, RADIUS, TLS
• Agent, broker, authentication server
• Authentication server, supplicant, authenticator

What does LAN stand for?

• a. Low Area Network
• b. Local Area Network
• c. Local Arial Net

Big corporations are not at risks to any form of security breach.

• True
• False

A set of instructions and execute a specific task/s

• Software

It disguises as useful software.

• a. .exe
• b. .jpl
• c. trojan horse
• d. sad mcface

Which of the following are TACACS+ messages sent from the AAA client to the AAA server? (Select all that apply.)

• CHALLENGE
• REPLY
• START
• REQUEST

A security layer used in mobile devices that employ the Wireless Applications Protocol (WAP).

• a. Wi-Fi
• b. WTLS
• c. WWW
• d. WSAW

FM radio signal is an example of full-duplex communication.

What determines when an endpoint is assigned to a profile?

• The ISE posture agent will identify the profile of an endpoint to ISE.
• The profile that matches the most conditions will be assigned.
• All profiles are manually assigned by the administrator.
• The certainty value must equal or exceed the minimum certainty value of the profile.

Bridge is a networking device used at network layer of the OSI reference model.

Which of the following technologies enables an administrator to maintain the same configuration on all access ports, on all switches, regardless of the type of device connecting to the network?

• Flex-Auth
• Flex-Connect
• AnyConnect
• Multi-Auth

It can manipulate your system including the deletion of the important files on your computer.

• ActiveX controls

True or False? IEEE 802.1X may use TACACS+ to communicate the EAP identity to the authentication server.

• False
• True

Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that staffers don't deliberately or inadvertently send sensitive data outside the network.

• a. Firewall
• b. E-mail Security
• c. Data Loss Prevention

Which probe is used to trigger the SNMPQUERY probe to query a NAD?

• RADIUS
• SNMPQUERY
• HTTP
• SNMPTRAP
• Both A and D
• Both C and D

One example is when an employee intends to cause damage.

• a. open threats
• b. secure threats
• c. malicious threats

What is the purpose of an outer identity?

• The outer identity represents the machine, whereas the inner identity represents the user during EAP chaining.
• The outer identity provides a mechanism to authenticate the identity of the endpoint during the tunnel establishment phase.
• The outer identity is used for dual-factor authentications such as a username/password combined with a one-time password (OTP).
• The outer identity provides a mechanism to modify the actual identity of the end user or device to allow for identity spoofing.

Internet is an example of a network.

• True

It is an end-to-end layer used to deliver messages to a host

• Session Layer
• Physical Layer
• Transport Layer
• Network Layer

It is a wireless security protocol created by Cisco to address the weaknesses in WEP and WPA.

• a. EXE
• b. LEAP
• c. RMG
• d. RAM

What does WAN stand for?

• a. wide antenna network
• b. world area network
• c. wide area network

This attack tries to defeat an authentication mechanism by systematically entering each word in a dictionary as a password.

• Brute-Force Attack
• Hybrid Attack
• Dictionary Attack

Preventive security is implemented by the tasks and tools you use to prevent unauthorized people or programs from accessing your networks and the devices connected to them.

• False

It is a set of standards that are widely used as a basis for communication.

• Protocol

Which of the following are the commands for disabling a port in a Network Switch. Choose any that Apply

• SWITCH>enable
• SWITCH#config term
• SWITCH(config)#interface range f0/4-8
• SWITCH(config-if-range)#shutdown
• SWITCH 1>enable
• SWITCH 1#configure terminal
• SWITCH 1(config)#interface f0/2
• SWITCH 1(config-if)#no shutdown
• SWITCH 1(config-if)#shutdown
• SWITCH#configure terminal
• SWITCH(config)#interface f0/2
• SWITCH(config-if)#no shutdown

This is a way of adding secondary layer of security to your account password.

• Two-factor authentication
• Biometric Authentication
• OTP Codes
• Complex Password

It determines whether you are allowed to access a specific information or file.

• Authorization

Attack that send an email that contains attachment that loads malware onto your computer

• Phishing

How many key phases are there in an incident response plan ?

• 6

Software designed to detect, disable, and remove viruses, worms, and Trojans.

• a. worm
• b. virus
• c. antidote
• d. antivirus

Combination of brute force and dictionary attack.

• Hybrid attack

This is a device used to convert analog signal to digital and vice-versa.

A popular feature of Windows that allows you to harden multiple systems quickly.

• SECURITY TEMPLATES

very single application must go through the options and check whether each application is configured in the most secure state.

• True
• False

This is when the user damages data or equipment unintentionally.

• a. accidental threats
• b. internal threats
• c. external threats
• d. leading threats

It is sometimes called TCP hijacking attack.

• Sniffer
• IP Spoofing
• Man-in-the-middle attack
• DoS and DDoS Attacks

It pretends to be a legitimate programs in order to gain access to a system.

• Virus
• Adware
• Trojan Horse
• Worms

True or False? MSCHAPv2 may be used to perform machine authentication with an LDAP connection to Active Directory.

• True
• False

What is a computer network?

• a. a number of computers in a room
• b. a number of connected computers
• c. a type of computer

You should be able to block unauthorized users and devices from accessing your network.

• Access control

This is a networking infrastructure company.

• a. CISCO
• b. Network Apps
• c. JavaScript

This is a way of protecting a computer from intrusion through the ports.

• firewall

What will happen when an ISE administrator has modified a profile and then a Feed Service update is downloaded that contains an updated version of that profile?

• The admin will be prompted to choose to overwrite or ignore the profile update.
• All nonconflicting profiles will be downloaded and installed. The conflicting profiles will be ignored.
• The profile is overwritten with the version in the Feed Service Update.
• The update will fail and an alarm will be triggered on the dashboard and in email.

It is designed to appear as a legit program to gain access to a network.

• Trojan Horse

Information policy where the data should be access by an authorized person/s only.

• Confidentiality

Developers should always implement validation at both the client and the server to obtain high level of security.

• True
• False

It can limit which devices can connect to a specific port on the switch by listing specific MAC addresses with the port.

• Port Security

It is a restricted area with a resource that these Java applications can access.

• Sandbox
• Scripting
• ActiveX controls
• Java

It uses code to access operating systems and software.

• a. malicious attacks
• b. structured attacks
• c. close attacks
• d. open attacks

CSMA/CD stands for ....

• a. Currier Sense Multiple Access with Collusion Detection
• b. Common Sense Media Access with Collusion Detection
• c. Currier Sense Multiple Access with Collided Data
• d. Currier Sense Multiple Access with Company Data

It may contain phishing scams and malware.

• SPAM

_Select the statement that is NOT an advantage of a LAN.

• a. Initial set-up is expensive.
• b. It is easily expandable.
• c. Peripherals can be shared.
• d. Software and files can be shared.

Type of software that is often called as end-user programs.

• Application software

Is any program that is harmful to a computer user.

• Worm
• Trojan horse
• Malware
• Virus

worms, and trojans by definition attempt

• Anti-malware

Which of the following Cisco products should be used for device administration with TACACS+?

• Cisco TACACS+ Control Server (TCS)
• Cisco Identity Services Engine
• Cisco Centri
• Cisco Secure Access Control Server (ACS)

Adware is a type of malware that restricts user access to the computer either by encrypting files on the hard drive or locking down the system

• True
• False

Which supplicant(s) is capable of EAP chaining?

• Windows Native Supplicant
• Cisco AnyConnect NAM
• Cisco Secure Services Client (CSSC)
• Odyssey Client

Cryptocurrency, a form of electronic cash created by Satoshi Nakamoto.

• Bitcoin

Is the process of using social skills to encourage people to disclose their credentials

• Social Engineering
• Tailgating
• Spam
• Phishing

it is a type of reports that is only used to notify the system administrator that there’s a change occurred in the system.

• Alerts

What is a stand alone computer?

• a. a portable computer
• b. fiber glass
• c. a computer not connected to a network
• d. a computer connected to a network

An act that exploits a weakness in a system.

• Threat
• Malware
• Vulnerabilities
• Attack

An information that is only accessed by an authorized person.

• Confidential Information

It is an advanced method of error handling.

• Exception handling
• Error message
• Run-time error

SMTP and FTP are used to transfer information over a computer network.

• True
• False

The goal of _____________ is to reduce the exposure of the organization to malicious code.

• Access control

It is the idea of developing a database system to store and retrieve large volumes of data

• NOSQL DATABASE

Which command on a Cisco switch will display the current status of the AAA server(s)?

• show radius servers
• show authentication servers
• show ise servers
• show aaa servers

This attack happens when the attacker or hacker sends too much information to the application causing it to overflow

• Buffer Overflow

What are two ways to collect HTTP user agent strings?

• SPAN port mirroring
• Directly from ISE web portals
• The Cisco WSA device sensor
• Device sensor in the switch
• Through the AnyConnect HTTP User Agent Reporting Tool