350-701 Exam - Implementing and Operating Cisco Security Core Technologies

NEW QUESTION 1

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

• A. Malware installation
• B. Command-and-control communication
• C. Network footprinting
• D. Data exfiltration

Answer: D

Explanation:
Reference: https://www.netsurion.com/articles/5-types-of-dns-attacks-and-how-to-detect-them

NEW QUESTION 2

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

• A. Windows service
• B. computer identity
• C. user identity
• D. Windows firewall
• E. default browser

Answer: AD

NEW QUESTION 3

Which solution stops unauthorized access to the system if a user's password is compromised?

• A. VPN
• B. MFA
• C. AMP
• D. SSL

Answer: B

NEW QUESTION 4

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

• A. supports VMware vMotion on VMware ESXi
• B. requires an additional license
• C. performs transparent redirection
• D. supports SSL decryption

Answer: A

NEW QUESTION 5

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

• A. Cisco AMP for Endpoints
• B. Cisco AnyConnect
• C. Cisco Umbrella
• D. Cisco Duo

Answer: A

NEW QUESTION 6

What is the purpose of the Cisco Endpoint IoC feature?

• A. It is an incident response tool.
• B. It provides stealth threat prevention.
• C. It is a signature-based engine.
• D. It provides precompromise detection.

Answer: A

Explanation:
Reference: https://docs.amp.cisco.com/Cisco%20Endpoint%20IOC%20Attributes.pdf
The Endpoint Indication of Compromise (IOC) feature is a powerful incident response tool for scanning of post-compromise indicators across multiple computers.

NEW QUESTION 7

What is the process In DevSecOps where all changes In the central code repository are merged and synchronized?

• A. CD
• B. EP
• C. CI
• D. QA

Answer: C

NEW QUESTION 8

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0xxxxxxxxx command and needs to send SNMP information to a host at 10.255.255.1. Which
command achieves this goal?

• A. snmp-server host inside 10.255.255.1 version 3 myv7
• B. snmp-server host inside 10.255.255.1 snmpv3 myv7
• C. snmp-server host inside 10.255.255.1 version 3 asmith
• D. snmp-server host inside 10.255.255.1 snmpv3 asmith

Answer: C

NEW QUESTION 9

When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record?

• A. records
• B. flow exporter
• C. flow sampler
• D. flow monitor

Answer: D

NEW QUESTION 10

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

• A. Manually change the management port on Cisco FMC and all managed Cisco FTD devices
• B. Set the tunnel to go through the Cisco FTD
• C. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices
• D. Set the tunnel port to 8305

Answer: A

Explanation:
The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305.Cisco strongly recommends that you keep the default settings for the remote management port, but if themanagement port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmtnw.html

NEW QUESTION 11

How does the Cisco WSA enforce bandwidth restrictions for web applications?

• A. It implements a policy route to redirect application traffic to a lower-bandwidth link.
• B. It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA.
• C. It sends commands to the uplink router to apply traffic policing to the application traffic.
• D. It simulates a slower link by introducing latency into application traffic.

Answer: C

NEW QUESTION 12

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)

• A. RADIUS
• B. TACACS+
• C. DHCP
• D. sFlow
• E. SMTP

Answer: AC

NEW QUESTION 13

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with Vmware VDS or Microsoft vSwitch?

• A. inter-EPG isolation
• B. inter-VLAN security
• C. intra-EPG isolation
• D. placement in separate EPGs

Answer: C

Explanation:
Intra-EPG Isolation is an option to prevent physical or virtual endpoint devices that are in the same base EPG or microsegmented (uSeg) EPG from communicating with each other. By default, endpoint devices included in the same EPG are allowed to communicate with one another.

NEW QUESTION 14

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

• A. show authorization status
• B. show authen sess int gi0/1
• C. show connection status gi0/1
• D. show ver gi0/1

Answer: B

NEW QUESTION 15

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

• A. Group Policy
• B. Access Control Policy
• C. Device Management Policy
• D. Platform Service Policy

Answer: D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-configguide-v62/platfo the answer should be “Platform Settings Policy”, not “Platform Service Policy” but it is the bestanswer here so we have to choose it.

NEW QUESTION 16

Which RADIUS attribute can you use to filter MAB requests in an 802.1 x deployment?

• A. 1
• B. 2
• C. 6
• D. 31

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networkingservices/config_

NEW QUESTION 17

Which command is used to log all events to a destination colector 209.165.201.107?

• A. CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10
• B. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.
• C. CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10
• D. CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10

Answer: C

NEW QUESTION 18

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

• A. To protect the endpoint against malicious file transfers
• B. To ensure that assets are secure from malicious links on and off the corporate network
• C. To establish secure VPN connectivity to the corporate network
• D. To enforce posture compliance and mandatory software

Answer: B

Explanation:
Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall. It protects your employees even when they are off the VPN.

NEW QUESTION 19

Which SNMPv3 configuration must be used to support the strongest security possible?

• A. asa-host(config)#snmp-server group myv3 v3 privasa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• B. asa-host(config)#snmp-server group myv3 v3 noauthasa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• C. asa-host(config)#snmpserver group myv3 v3 noauthasa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• D. asa-host(config)#snmp-server group myv3 v3 privasa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Answer: D

NEW QUESTION 20
......