Cisco 350-701 Exam Dumps Options To Pass the Exam 2023

Jonnie Karnath2023-04-08T08:42:11+00:00

Cisco 350-701 exam dumps are an excellent tool for anyone preparing for the Implementing and Operating Cisco Security Core Technologies (SCOR) exam. It covers all the topics and concepts that you need to know to pass the exam. They are designed by industry experts who have in-depth knowledge of the subject matter and can provide you with the most relevant and accurate information. Using Cisco 350-701 exam dumps will give you a realistic exam experience, as the questions are similar in format and difficulty to the actual exam questions. This will help you prepare better for the exam and reduce exam anxiety. It will also helps you identify your strengths and weaknesses and focus your study efforts accordingly.

Page 1 of 17

1. Which algorithm provides asymmetric encryption?

RC4

AES

RSA

3DES

2. An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

CNAME

SPF

DKIM

3. Which MDM configuration provides scalability?

pushing WPA2-Enterprise settings automatically to devices

enabling use of device features such as camera use

BYOD support without extra appliance or licenses

automatic device classification with level 7 fingerprinting

4. What must be enabled to secure SaaS-based applications?

modular policy framework

two-factor authentication

application security gateway

end-to-end encryption

5. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

6. Which technology reduces data loss by identifying sensitive information stored in public computing

environments?

Cisco SDA

Cisco Firepower

Cisco HyperFlex

Cisco Cloudlock

7. An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.The application used on those systems also have not gone through stringent code reviews.

Which vulnerabilitywould help an attacker brute force their way into the systems?

weak passwords

lack of input validation

missing encryption

lack of file permission

8. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. Thecompany needs to be able to protect sensitive data throughout the full environment.

Which tool should be used

to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

9. When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

It blocks the request.

It applies the global policy.

It applies the next identification profile policy.

It applies the advanced policy.

10. When a next-generation endpoint security solution is selected for a company, what are two key

deliverables that help justify the implementation? (Choose two.)

signature-based endpoint protection on company endpoints

macro-based protection to keep connected endpoints safe

continuous monitoring of all files that are located on connected endpoints

email integration to protect endpoints from malicious content that is located in email

real-time feeds from global threat intelligence centers

Page 2 of 17

11. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications.

Whichvulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

unencrypted links for traffic

software bugs on applications

improper file security

12. Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

Orchestration

CI/CD pipeline

Container

Security

13. What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

14. Which two descriptions of AES encryption are true? (Choose two)

AES is less secure than 3DE

AES is more secure than 3DE

AES can use a 168-bit key for encryption.

AES can use a 256-bit key for encryption.

AES encrypts and decrypts a key three times in sequence.

15. Which category includes DoS Attacks?

Virus attacks

Trojan attacks

Flood attacks

Phishing attacks

16. What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

It defines what data is going to be encrypted via the VPN

lt configures the pre-shared authentication key

It prevents all IP addresses from connecting to the VPN server.

It configures the local address for the VPN server.

17. An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.The chosen firewalls must provide methods of blocking traffic that include offering the user the optionto bypass the block for certain sites after displaying a warning page and to reset the connection.

Whichsolution should the organization choose?

Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

18. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco Umbrella

Cisco AMP

Cisco App Dynamics

19. Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)

Cisco Umbrella

Cisco ISE

Cisco DNA Center

Cisco TrustSec

Cisco Duo Security

20. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default managementport conflicts with other communications on the network and must be changed.

What must be done to ensurethat all devices can communicate together?

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Set the tunnel to go through the Cisco FTD

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

Set the tunnel port to 8305

Page 3 of 17

21. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to aconnection being established. The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

Cisco Firepower

Cisco Umbrella

ISE

AMP

22. Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

cloud web services

network AMP

private cloud

public cloud

23. What is the difference between a vulnerability and an exploit?

A vulnerability is a hypothetical event for an attacker to exploit

A vulnerability is a weakness that can be exploited by an attacker

An exploit is a weakness that can cause a vulnerability in the network

An exploit is a hypothetical event that causes a vulnerability in the network

24. An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group.Whichprobe must be enabled for this type of profiling to work?

NetFlow

NMAP

SNMP

DHCP

25. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA.

Which Cisco ASA

command must be used?

flow-export destination inside 1.1.1.1 2055

ip flow monitor input

ip flow-export destination 1.1.1.1 2055

flow exporter

26. Which API method and required attribute are used to add a device into DNAC with the native API?

lastSyncTime and pid

POST and name

userSudiSerialNos and devicelnfo

GET and serialNumber

27. What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

trusted automated exchange

Indicators of Compromise

The Exploit Database

threat intelligence

28. Which two risks is a company vulnerable to if it does not have a well-established patching solution for

endpoints? (Choose two)

exploits

ARP spoofing

denial-of-service attacks

malware

eavesdropping

29. Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

The authentication request contains only a password

The authentication request contains only a username

The authentication and authorization requests are grouped in a single packet

There are separate authentication and authorization request packets

30. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

Page 4 of 17

31. What is a feature of container orchestration?

ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane

ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane

ability to deploy Kubernetes clusters in air-gapped sites

automated daily updates

32. A malicious user gained network access by spoofing printer connections that were authorized using MAB onfour different switch ports at the same time.

What two catalyst switch security features will prevent furtherviolations? (Choose two)

DHCP Snooping

802.1AE MacSec

Port security

IP Device track

Dynamic ARP inspection

Private VLANs

33. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events.

It provides stateless IP flow tracking that exports all records of a specific flow.

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

34. Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre configured interval.

Use EEM to have the ports return to service automatically in less than 300 seconds.

Enter the shutdown and no shutdown commands on the interfaces.

Enable the snmp-server enable traps command and wait 300 seconds

Ensure that interfaces are configured with the error-disable detection and recovery feature

35. Which component of Cisco umbrella architecture increases reliability of the service?

Anycast IP

AMP Threat grid

Cisco Talos

BGP route reflector

36. What is the purpose of joining Cisco WSAs to an appliance group?

All WSAs in the group can view file analysis results.

The group supports improved redundancy

It supports cluster operations to expedite the malware analysis process.

It simplifies the task of patching multiple appliances.

37. Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?

(Choose two)

URLs

protocol IDs

IP addresses

MAC addresses

port numbers

38. DRAG DROP

Drag and drop the security solutions from the left onto the benefits they provide on the right.

Diagram

Description automatically generated

Diagram

Description automatically generated

39. Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block.

What is the result of the configuration?

Only URLs for botnets with reputation scores of 1-3 will be blocked.

Only URLs for botnets with a reputation score of 3 will be blocked.

Only URLs for botnets with reputation scores of 3-5 will be blocked.

Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.

40. An engineer recently completed the system setup on a Cisco WSA Which URL information does the system send to SensorBase Network servers?

Summarized server-name information and MD5-hashed path information

complete URL,without obfuscating the path segments

URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

none because SensorBase Network Participation is disabled by default

Page 5 of 17

41. A user has a device in the network that is receiving too many connection requests from multiple machines.

Which type of attack is the device undergoing?

phishing

slowloris

pharming

SYN flood

42. What are two rootkit types? (Choose two)

registry

virtual

bootloader

user mode

buffer mode

43. What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?

Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not.

Cisco AMP for Endpoints prevents connections to malicious destinations, and C malware.

Cisco AMP for Endpoints automatically researches indicators of compromise ..

Cisco AMP for Endpoints prevents, detects, and responds to attacks before and against Internet threats.

44. What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Place the Cisco ISE server and the AD server in the same subnet

Configure a common administrator account

Configure a common DNS server

Synchronize the clocks of the Cisco ISE server and the AD server

45. Why is it important to patch endpoints consistently?

Patching reduces the attack surface of the infrastructure.

Patching helps to mitigate vulnerabilities.

Patching is required per the vendor contract.

Patching allows for creating a honeypot.

46. Which command enables 802.1X globally on a Cisco switch?

dot1x system-auth-control

dot1x pae authenticator

authentication port-control aut

aaa new-model

47. How does the Cisco WSA enforce bandwidth restrictions for web applications?

It implements a policy route to redirect application traffic to a lower-bandwidth link.

It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WS

It sends commands to the uplink router to apply traffic policing to the application traffic.

It simulates a slower link by introducing latency into application traffic.

48. What is a benefit of using Cisco FMC over Cisco ASDM?

Cisco FMC uses Java while Cisco ASDM uses HTML5.

Cisco FMC provides centralized management while Cisco ASDM does not.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

49. An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACKand sequence.

Which protocol accomplishes this goal?

AES-192

IKEv1

AES-256

ESP

50. What is a difference between GETVPN and IPsec?

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

GETVPN provides key management and security association management

GETVPN is based on IKEv2 and does not support IKEv1

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Page 6 of 17

51. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies inthe traffic from industrial systems.

What must be done to meet these requirements?

Implement pre-filter policies for the CIP preprocessor

Enable traffic analysis in the Cisco FTD

Configure intrusion rules for the DNP3 preprocessor

Modify the access control policy to trust the industrial traffic

52. Which option is the main function of Cisco Firepower impact flags?

They alert administrators when critical events occur.

They highlight known and suspected malicious IP addresses in reports.

They correlate data about intrusions and vulnerability.

They identify data that the ASA sends to the Firepower module.

53. Which network monitoring solution uses streams and pushes operational data to provide a near real-time view

of activity?

SNMP

SMTP

syslog

model-driven telemetry

54. What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support?

mobile device management

mobile content management

mobile application management

mobile access management

55. Which technology is used to improve web traffic performance by proxy caching?

WSA

Firepower

FireSIGHT

ASA

56. After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

Configure the trackingconfig command to enable message tracking.

Generate a system report.

Review the log files.

Perform a trace.

57. How is DNS tunneling used to exfiltrate data out of a corporate network?

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

58. An organization wants to secure data in a cloud environment. Its security model requires that all users beauthenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default.

Which technology must be used to implement these requirements?

Virtual routing and forwarding

Microsegmentation

Access control policy

Virtual LAN

59. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

snmp-server host inside 10.255.254.1 version 3 andy

snmp-server host inside 10.255.254.1 version 3 myv3

snmp-server host inside 10.255.254.1 snmpv3 andy

snmp-server host inside 10.255.254.1 snmpv3 myv3

60. DRAG DROP

Drag and drop the threats from the left onto examples of that threat on the right

A picture containing letter

Description automatically generated

A picture containing letter

Description automatically generated

Page 7 of 17

61. What is a characteristic of traffic storm control behavior?

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level withinthe interval.

Traffic storm control cannot determine if the packet is unicast or broadcast.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet isunicast or broadcast.

62. An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)

Specify the NTP version

Configure the NTP stratum

Set the authentication key

Choose the interface for syncing to the NTP server

Set the NTP DNS hostname

63. What is a characteristic of Firepower NGIPS inline deployment mode?

ASA with Firepower module cannot be deployed.

It cannot take actions such as blocking traffic.

It is out-of-band from traffic.

It must have inline interface pairs configured.

64. An engineer is configuring AMP for endpoints and wants to block certain files from executing.

Which outbreak

control method is used to accomplish this task?

device flow correlation

simple detections

application blocking list

advanced custom detections

65. An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.The application used on those systems also have not gone through stringent code reviews.

Which vulnerabilitywould help an attacker brute force their way into the systems?

weak passwords

lack of input validation

missing encryption

lack of file permission

66. What are two functionalities of SDN Northbound APIs? (Choose two.)

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

Northbound APIs form the interface between the SDN controller and business applications.

OpenFlow is a standardized northbound API protocol.

Northbound APIs use the NETCONF protocol to communicate with applications.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

67. In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

It prevents use of compromised accounts and social engineering.

It prevents all zero-day attacks coming from the Internet.

It automatically removes malicious emails from users' inbox.

It prevents trojan horse malware using sensors.

It secures all passwords that are shared in video conferences.

68. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

virtualization

middleware

operating systems

applications

data

69. What is managed by Cisco Security Manager?

access point

WSA

ASA

ESA

70. DRAG DROP

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Table

Description automatically generated

Table

Description automatically generated

Page 8 of 17

71. Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA

Center?

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&....

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v 1/networkdevice/startIndex/recordsToReturn

72. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting theendpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

73. How does Cisco AMP for Endpoints provide next-generation protection?

It encrypts data on user endpoints to protect against ransomware.

It leverages an endpoint protection platform and endpoint detection and response.

It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers.

It integrates with Cisco FTD devices.

74. Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and processactivity on an endpoint?

endpoint isolation

advanced search

advanced investigation

retrospective security

75. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention

System?

Correlation

Intrusion

Access Control

Network Discovery

76. A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Transparent mode

Forward file

PAC file

Bridge mode

77. An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems.

Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

Platform as a Service because the customer manages the operating system

Infrastructure as a Service because the customer manages the operating system

Platform as a Service because the service provider manages the operating system

Infrastructure as a Service because the service provider manages the operating system

78. What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

Allows developers to create code once and deploy to multiple clouds

helps maintain source code for cloud deployments

manages Docker containers

manages Kubernetes clusters

Creates complex tasks for managing code

79. A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.

What must be configured to accomplish this?

a Network Discovery policy to receive data from the host

a Threat Intelligence policy to download the data from the host

a File Analysis policy to send file data into Cisco Firepower

a Network Analysis policy to receive NetFlow data from the host

80. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCPsnooping binding database.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only.

Page 9 of 17

81. What are two Trojan malware attacks? (Choose two)

Frontdoor

Rootkit

Smurf

Backdoor

Sync

82. What is a benefit of using a multifactor authentication strategy?

It provides visibility into devices to establish device trust.

It provides secure remote access for applications.

It provides an easy, single sign-on experience against multiple applications

lt protects data by enabling the use of a second validation of identity.

83. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

84. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

consumption

sharing

analysis

authoring

85. What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control call backs? (Choose two.)

Use intrusion prevention system.

Block all TXT DNS records.

Enforce security over port 53.

Use next generation firewalls.

Use Cisco Umbrella.

86. What is a difference between FlexVPN and DMVPN?

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

87. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

88. Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

PaaS

XaaS

IaaS

SaaS

89. Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

Nexus

Stealthwatch

Firepower

Tetration

90. What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

Page 10 of 17

91. What is a difference between an XSS attack and an SQL injection attack?

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them

92. Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

filters

group key

company key

connector

93. What is a commonality between DMVPN and FlexVPN technologies?

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

FlexVPN and DMVPN use the new key management protocol

FlexVPN and DMVPN use the same hashing algorithms

IOS routers run the same NHRP code for DMVPN and FlexVPN

94. With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your

environment?

Prevalence

File analysis

Detections

Vulnerable software

Threat root cause

95. Which technology limits communication between nodes on the same network segment to individual applications?

serverless infrastructure

microsegmentation

SaaS deployment

machine-to-machine firewalling

96. Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is

authenticated?

Authorization

Accounting

Authentication

CoA

97. In which cloud services model is the tenant responsible for virtual machine OS patching?

IaaS

UCaaS

PaaS

SaaS

98. A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion.

What is a requirement for both physical hosts?

The hosts must run Cisco AsyncOS 10.0 or greater.

The hosts must run different versions of Cisco AsyncO

The hosts must have access to the same defined network.

The hosts must use a different datastore than the virtual appliance.

99. What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

blocked ports

simple custom detections

command and control

allowed applications

URL

100. Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

NTLMSSP

Kerberos

CHAP

TACACS+

RADIUS

Page 11 of 17

101. Refer to the exhibit.

An engineer is implementing a certificate based VPN.

What is the result of the existing configuration?

The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully

The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER

The OU of the IKEv2 peer certificate is set to MANGLER

102. What is the purpose of the Cisco Endpoint loC feature?

It provides stealth threat prevention.

lt is a signature-based engine. W

lt is an incident response tool 6W

It provides precompromise detection.

103. An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected.

Why is the ip radius source-interface command needed for this configuration?

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

Encrypted RADIUS authentication requires the RADIUS source interface be defined

104. An administrator is trying to determine which applications are being used in the network but does not want thenetwork devices to send metadata to Cisco Firepower.

Which feature should be used to accomplish this?

NetFlow

Packet Tracer

Network Discovery

Access Control

105. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

106. How does Cisco Workload Optimization portion of the network do EPP solutions solely performance issues?

It deploys an AWS Lambda system

It automates resource resizing

It optimizes a flow path

It sets up a workload forensic score

107. An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of

greymail for the end user.

Which feature must the administrator enable first?

File Analysis

IP Reputation Filtering

Intelligent Multi-Scan

Anti-Virus Filtering

108. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to register new laptops and mobile devices

to request a newly provisioned mobile device

to provision userless and agentless systems

to manage and deploy antivirus definitions and patches on systems owned by the end user

109. What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an

organization? (Choose two)

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

single sign-on access to on-premises and cloud applications

integration with 802.1x security using native Microsoft Windows supplicant

secure access to on-premises and cloud applications

identification and correction of application vulnerabilities before allowing access to resources

110. Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?

(Choose two)

Outgoing traffic is allowed so users can communicate with outside organizations.

Malware infects the messenger application on the user endpoint to send company data.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

An exposed API for the messaging platform is used to send large amounts of data.

Messenger applications cannot be segmented with standard network controls

Page 12 of 17

111. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmpserver group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

112. What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

It decrypts HTTPS application traffic for unauthenticated users.

It alerts users when the WSA decrypts their traffic.

It decrypts HTTPS application traffic for authenticated users.

It provides enhanced HTTPS application detection for AsyncO

113. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is

deleted from an identity group?

posture assessment

CoA

external identity source

SNMP probe

114. When Cisco and other industry organizations publish and inform users of known security findings andvulnerabilities, which name is used?

Common Security Exploits

Common Vulnerabilities and Exposures

Common Exploits and Vulnerabilities

Common Vulnerabilities, Exploits and Threats

115. An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices.

What should be done to ensure that all subdomains of domain.com are blocked?

Configure the *.com address in the block list.

Configure the *.domain.com address in the block list

Configure the domain.com address in the block list

116. What is the difference between EPP and EDR?

EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.

Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.

EDR focuses solely on prevention at the perimeter.

Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

117. An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator.

Which protocol must be configured in order to provide this capability?

EAPOL

SSH

RADIUS

TACACS+

118. What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when me endpoint is connected to the cloud

Clam AV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

119. A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access The Cisco ESA must also join a cluster machine using preshared keys What must be configured to meet these requirements?

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CL

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GU

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

120. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

It can handle explicit HTTP requests.

It requires a PAC file for the client web browser.

It requires a proxy for the client web browser.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

Layer 4 switches can automatically redirect traffic destined to port 80.

Page 13 of 17

121. A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise.

What must be done in order to ensure that the created is functioning as it should?

Create an IP block list for the website from which the file was downloaded

Block the application that the file was using to open

Upload the hash for the file into the policy

Send the file to Cisco Threat Grid for dynamic analysis

122. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with

other cloud solutions via an API.

Which solution should be used to accomplish this goal?

SIEM

CASB

Adaptive MFA

Cisco Cloudlock

123. Refer to the exhibit.

How does Cisco Umbrella manage traffic that is directed toward risky domains?

Traffic is proximed through the intelligent proxy.

Traffic is managed by the security settings and blocked.

Traffic is managed by the application settings, unhandled and allowed.

Traffic is allowed but logged.

124. Refer to the exhibit.

Text, letter

Description automatically generated

What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?

imports requests

HTTP authorization

HTTP authentication

plays dent ID

125. What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

REST uses methods such as GET, PUT, POST, and DELET

REST codes can be compiled with any programming language.

REST is a Linux platform-based architecture.

The POST action replaces existing data at the URL path.

REST uses HTTP to send a request to a web service.

126. Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility,promote compliance,shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?

Cisco DNA Center

Cisco SDN

Cisco ISE

Cisco Security Compiance Solution

127. Which service allows a user export application usage and performance statistics with Cisco Application Visibility

and control?

SNORT

NetFlow

SNMP

802.1X

128. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

129. Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)

services running over the network

OpenFlow

external application APIs

applications running over the network

OpFlex

130. What must be used to share data between multiple security products?

Cisco Rapid Threat Containment

Cisco Platform Exchange Grid

Cisco Advanced Malware Protection

Cisco Stealthwatch Cloud

Page 14 of 17

131. Which PKI enrollment method allows the user to separate authentication and enrollment actions and alsoprovides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

terminal

profile

selfsigned

132. Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

OpenC2

OpenlOC

CybOX

STIX

133. How is Cisco Umbrella configured to log only security events?

per policy

in the Reporting settings

in the Security Settings section

per network in the Deployments section

134. Which benefit does DMVPN provide over GETVPN?

DMVPN supports QoS, multicast, and routing, and GETVPN supports only Qo

DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

DMVPN can be used over the public Internet, and GETVPN requires a private network.

135. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer’s memory

inserting malicious commands into the database

136. What is a characteristic of a bridge group in ASA Firewall transparent mode?

It includes multiple interfaces and access rules between interfaces are customizable

It is a Layer 3 segment and includes one port and customizable access rules

It allows ARP traffic with a single access rule

It has an IP address on its BVI interface and is used for management traffic

137. A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB.

What action is needed to authenticate the VPN?

Change isakmp to ikev2 in the command on host

Enter the command with a different password on host

Enter the same command on host

Change the password on hostA to the default password.

138. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

put

options

get

push

connect

139. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It utilizes sensors that send messages securely.

It uses machine learning and real-time behavior analytics.

140. A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The networkis congested and is affecting communication.

How will the Cisco ESA handle any files which need analysis?

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

The file is queued for upload when connectivity is restored.

The file upload is abandoned.

The ESA immediately makes another attempt to upload the file.

Page 15 of 17

141. Which solution should be leveraged for secure access of a CI/CD pipeline?

Duo Network Gateway

remote access client

SSL WebVPN

Cisco FTD network gateway

142. Which function is the primary function of Cisco AMP threat Grid?

automated email encryption

applying a real-time URI blacklist

automated malware analysis

monitoring network traffic

143. Refer to the exhibit.

Text, letter

Description automatically generated

What does the API do when connected to a Cisco security appliance?

get the process and PID information from the computers in the network

create an SNMP pull mechanism for managing AMP

gather network telemetry information from AMP for endpoints

gather the network interface information about the computers AMP sees

144. What is a capability of Cisco ASA Netflow?

It filters NSEL events based on traffic

It generates NSEL events even if the MPF is not configured

It logs all event types only to the same collector

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

145. What is a description of microsegmentation?

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

Environments implement private VLAN segmentation to group servers with similar applications.

Environments deploy centrally managed host-based firewall rules on each server or container

146. Refer to the exhibit.

What will occur when this device tries to connect to the port?

802.1X will not work, but MAB will start and allow the device on the network.

802.1X will not work and the device will not be allowed network access

802 1X will work and the device will be allowed on the network

802 1X and MAB will both be used and ISE can use policy to determine the access level

147. DRAG DROP

Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.

148. Which deployment model is the most secure when considering risks to cloud adoption?

Public Cloud

Hybrid Cloud

Community Cloud

Private Cloud

149. Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the

deployment?

NGFW

AMP

WSA

ESA

150. A mall provides security services to customers with a shared appliance. The mall wants separation of

management on the shared appliance.

Which ASA deployment mode meets these needs?

routed mode

transparent mode

multiple context mode

multiple zone mode

Page 16 of 17

151. Which attack is preventable by Cisco ESA but not by the Cisco WSA?

buffer overflow

DoS

SQL injection

phishing

152. Which technology enables integration between Cisco ISE and other platforms to gather and share

network and vulnerability data and SIEM and location information?

pxGrid

NetFlow

SNMP

Cisco Talos

153. An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content.

Which action accomplishes these objectives?

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

154. Under which two circumstances is a CoA issued? (Choose two)

A new authentication rule was added to the policy on the Policy Service node.

An endpoint is deleted on the Identity Service Engine server.

A new Identity Source Sequence is created and referenced in the authentication policy.

An endpoint is profiled for the first time.

A new Identity Service Engine server is added to the deployment with the Administration persona

155. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

156. Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize

applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

Cisco Security Intelligence

Cisco Application Visibility and Control

Cisco Model Driven Telemetry

Cisco DNA Center

157. A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category.

Which reputation score should be selected to accomplish this goal?

158. An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from beingaccessed via the firewall which requires that the administrator input the bad URL categories that the

organization wants blocked into the access policy.

Which solution should be used to meet this requirement?

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTDdoes not

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

159. Refer to the exhibit.

A network administrator configures command authorization for the admin5 user.

What is the admin5 user able to do on HQ_Router after this configuration?

set the IP address of an interface

complete no configurations

complete all configurations

add subinterfaces

160. Which statement describes a serverless application?

The application delivery controller in front of the server farm designates on which server the application runs each time.

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

The application is installed on network equipment and not on physical servers.

The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

Page 17 of 17

161. An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped.

How would this be accomplished?

Set a trusted interface for the DHCP server

Set the DHCP snooping bit to 1

Add entries in the DHCP snooping database

Enable ARP inspection for the required VLAN

162. Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

Cisco AMP for Endpoints

Cisco AnyConnect

Cisco Umbrella

Cisco Duo

163. An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)

Configure Cisco ACI to ingest AWS information.

Configure Cisco Thousand Eyes to ingest AWS information.

Send syslog from AWS to Cisco Stealthwatch Cloud.

Send VPC Flow Logs to Cisco Stealthwatch Cloud.

Configure Cisco Stealthwatch Cloud to ingest AWS information

164. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

165. Refer to the exhibit.

Which command was used to display this output?

show dot1x all

show dot1x

show dot1x all summary

show dot1x interface gi1/0/12

166. DRAG DROP

Drag and drop the common security threats from the left onto the definitions on the right.

Diagram

Description automatically generated

Facebook Twitter LinkedIn Google + Email

Cisco 350-701 Exam Dumps Options To Pass the Exam 2023

Cisco 350-701 Exam Dumps Options To Pass the Exam 2023

Author

LEAVE A COMMENT Cancel reply

Related Posts