Cisco 350-701 Cert Guide PDF 100% Cover Real Exam Questions [Q290-Q314]

Share

Cisco 350-701 Cert Guide PDF 100% Cover Real Exam Questions

Pass 350-701 Exam - Real Questions and Answers


Cisco 350-701 exam is a part of the CCNP Security certification and is a requirement for obtaining this certification. The CCNP Security certification is aimed at professionals who have at least three to five years of experience in implementing and operating security solutions. Implementing and Operating Cisco Security Core Technologies certification validates the skills and knowledge of the candidates in securing network infrastructure, securing endpoints, securing cloud environments, and securing network access. The Cisco 350-701 exam is an important step towards achieving this certification and is a validation of the candidate's understanding of the latest security technologies and solutions.

 

NEW QUESTION # 290
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

  • A. external identity source
  • B. SNMP probe
  • C. posture assessment
  • D. CoA

Answer: D

Explanation:
Cisco ISE allows a global configuration to issue a Change of Authorization (CoA) in the Profiler Configuration page that enables the profiling service with more control over endpoints that are already authenticated.
One of the settings to configure the CoA type is "Reauth". This option is used to enforce reauthentication of an already authenticated endpoint when it is profiled.
Reference:
b_ise_admin_guide_sample_chapter_010101.html


NEW QUESTION # 291
Refer to the exhibit.

A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?

  • A. add subinterfaces
  • B. complete no configurations
  • C. set the IP address of an interface
  • D. complete all configurations

Answer: B


NEW QUESTION # 292
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

  • A. Use destination block lists.
  • B. Configure application block lists.
  • C. Configure the intelligent proxy.
  • D. Set content settings to High

Answer: C

Explanation:
Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.
The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.


NEW QUESTION # 293
Which attack is preventable by Cisco ESA but not by the Cisco WSA?

  • A. phishing
  • B. buffer overflow
  • C. DoS
  • D. SQL injection

Answer: A

Explanation:
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
Reference:
5/m_advanced_phishing_protection.html


NEW QUESTION # 294
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?

  • A. Cisco Advanced Stealthwatch Appliance (ASA)
  • B. Cisco Enterprise Security Appliance (ESA)
  • C. Cisco Web Security Appliance (WSA)
  • D. Cisco Identity Services Engine (ISE)

Answer: C

Explanation:
Cisco Web Security Appliance (WSA) is the platform that automatically blocks risky sites, and tests unknown sites for hidden advanced threats before allowing users to click them, using Cisco Cognitive Threat Analytics. Cisco Cognitive Threat Analytics is a cloud-based solution that reduces the time to discovery of threats operating inside the network by analyzing web traffic and detecting anomalous behavior. Cisco WSA integrates with Cisco Cognitive Threat Analytics to provide enhanced web security and breach detection.
Cisco WSA can also leverage other Cisco security solutions, such as Cisco Umbrella, Cisco Advanced Malware Protection (AMP), and Cisco Talos Intelligence Group, to provide comprehensive web security. References:
* Cisco Web Security Appliance (WSA)
* Cisco Cognitive Threat Analytics At-a-Glance
* Introducing Cisco Cognitive Threat Analytics
* Implementing and Operating Cisco Security Core Technologies (SCOR) - Module 3: Cloud and Content Security


NEW QUESTION # 295
What are two Trojan malware attacks? (Choose two)

  • A. frontdoor
  • B. sync
  • C. rootkit
  • D. backdoor
  • E. smurf

Answer: C,D


NEW QUESTION # 296
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

  • A. slowloris
  • B. pharming
  • C. SYN flood
  • D. phishing

Answer: C

Explanation:
https://www.cisco.com/c/en/us/products/security/what-is-a-ddos-attack.html#~types-of-ddos-attacks


NEW QUESTION # 297
Drag and drop the VPN functions from the left onto the description on the right.

Answer:

Explanation:


NEW QUESTION # 298
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

  • A. access control policy
  • B. health policy
  • C. correlation policy
  • D. health awareness policy
  • E. system policy

Answer: B

Explanation:
On Cisco Firepower Management Center, a health policy is used to collect health modules alerts from managed devices. A health policy is a collection of tests, or health modules, that monitor the health status of the hardware and software in the system. You can apply a health policy to one or more appliances and configure the frequency and conditions for running the health modules and generating alerts. The health monitor on the Firepower Management Center tracks the health events based on the health policy settings and displays them on the Health Monitor page and the event views. You can also use external alerting mechanisms, such as SNMP traps or syslog messages, to notify you of health events. References :=
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60
/Health_Monitoring.html
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management- center-admin-71/health-health.html


NEW QUESTION # 299
Refer to the exhibit,

which command results in these messages when attempting to troubleshoot an iPsec VPN connection?

  • A. debug crypto Ipsec
  • B. debug crypto ipsec endpoint
  • C. debug crypto isakmp connection
  • D. debug crypto isakmp

Answer: D

Explanation:
The command that results in these messages when attempting to troubleshoot an iPsec VPN connection is debug crypto isakmp. This command displays debug information about the Internet Key Exchange (IKE) protocol, which is used to establish security associations (SAs) for IPsec VPNs. The messages in the exhibit show various steps and statuses of the IKE negotiation process, such as creating and deleting peer structures, receiving and sending packets, and checking the compatibility of the security policies and proposals. The other commands are either invalid (debug crypto ipsec endpoint and debug crypto isakmp connection) or display different information (debug crypto ipsec shows the details of the IPsec encryption and decryption operations). References:
https://www.cisco.com/c/en/us/training-events/training-certifications/training/training-services/courses/implemen
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.h


NEW QUESTION # 300
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

  • A. access control lists
  • B. storm control
  • C. Bridge Protocol Data Unit guard
  • D. embedded event monitoring

Answer: B

Explanation:
ExplanationExplanationStorm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.By using the "storm-control broadcast level [falling-threshold]" we can limit the broadcast traffic on the switch.


NEW QUESTION # 301
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Answer:

Explanation:

Explanation:

Reference:
https://www.westconcomstor.com/medias/CWS-data-sheet-c78-729637-1-.pdf?context=bWFzdGVyfHJvb3R8M


NEW QUESTION # 302
An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?

  • A. Enable flagged message handling
  • B. Deploy an encryption appliance.
  • C. Provision the email appliance
  • D. Map sender !P addresses to a host interface.

Answer: B

Explanation:
The configuration that is needed to accomplish the goal of adding protection for data in transit and having headers in the email message is to deploy an encryption appliance. An encryption appliance is a device that encrypts and decrypts email messages using various encryption standards, such as S/MIME, PGP, or Cisco Registered Envelope Service (CRES). An encryption appliance can also add headers to the email message to indicate the encryption status, the encryption key, or the encryption policy. An encryption appliance can be integrated with an email appliance, such as Cisco Email Security Appliance (ESA), to provide end-to-end email security and encryption.
The other options are incorrect because:
* Provisioning the email appliance is not enough to add protection for data in transit and have headers in the email message. An email appliance can provide various email security features, such as spam filtering, virus scanning, content filtering, or data loss prevention, but it does not encrypt or decrypt email messages by itself. An email appliance needs to work with an encryption appliance to provide email encryption and decryption.
* Mapping sender IP addresses to a host interface is not related to adding protection for data in transit and having headers in the email message. This is a configuration option for an email appliance that allows it to accept email messages from specific IP addresses or ranges and assign them to a specific host interface. This can be useful for load balancing, traffic management, or policy enforcement, but it does not affect email encryption or decryption.
* Enabling flagged message handling is not relevant to adding protection for data in transit and having headers in the email message. This is a configuration option for an email appliance that allows it to handle email messages that have a specific flag or tag in the subject line or the body. This can be useful for testing, troubleshooting, or applying special policies, but it does not affect email encryption or decryption.
References:
Cisco Email Encryption
Cisco Email Encryption Appliance
Cisco Email Security Appliance Configuration Guide


NEW QUESTION # 303
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? {Choose two.)

  • A. middleware
  • B. data
  • C. virtualization
  • D. operating systems
  • E. applications

Answer: C,D

Explanation:
Explanation
https://apprenda.com/library/paas/iaas-paas-saas-explained-compared/


NEW QUESTION # 304
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

  • A. It allows customization of access policies based on user identity
  • B. It enables VPN access for individual users from their machines
  • C. It provides spoke-to-spoke communications without traversing the hub
  • D. It allows multiple sites to connect to the data center
  • E. It allows different routing protocols to work over the tunnel

Answer: A,B

Explanation:
Cisco AnyConnect is a client-based VPN solution that provides secure remote access for individual users from their machines. It allows customization of access policies based on user identity, such as group membership, device posture, or location. This enables granular control over who can access what resources on the network.
Cisco AnyConnect also supports various authentication methods, such as certificates, multifactor authentication, or single sign-on. Cisco AnyConnect can be deployed with Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) as the VPN headend.
Cisco DMVPN is a network-based VPN solution that provides dynamic, on-demand, and scalable connectivity for branch offices, teleworkers, and business partners. It uses multipoint GRE (mGRE) tunnels and Next Hop Resolution Protocol (NHRP) to establish direct spoke-to-spoke communications without traversing the hub. It also supports IPsec encryption and various routing protocols over the tunnel. Cisco DMVPN can be deployed with Cisco IOS routers as the VPN headend.
The advantages of using Cisco AnyConnect over DMVPN are:
* It enables VPN access for individual users from their machines, which is useful for mobile workers or telecommuters who need to connect to the network from anywhere.
* It allows customization of access policies based on user identity, which is useful for enforcing security and compliance requirements for different types of users or devices.
The advantages of using DMVPN over Cisco AnyConnect are:
* It provides spoke-to-spoke communications without traversing the hub, which reduces latency and bandwidth consumption for traffic between remote sites.
* It allows different routing protocols to work over the tunnel, which provides flexibility and scalability for network design and management.
References:
* Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Data Sheet
* [Cisco AnyConnect Secure Mobility Client Data Sheet]
* Cisco Get VPN vs DMVPN: Difference and Comparison
* Comparing Cisco SD-WAN to DMVPN
* What are two advantages of using Cisco AnyConnect over DMVPN?


NEW QUESTION # 305
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

  • A. Content Category Blocking
  • B. Security Category Blocking
  • C. Application Control
  • D. File Analysis

Answer: B

Explanation:
Cisco Umbrella groups harmful destinations into categories of security threat, such as Malware, Command Control Callbacks, Phishing Attacks, Dynamic DNS, Potentially Harmful Domains, DNS Tunneling VPN, and Cryptomining1. When web policies are configured in Cisco Umbrella, the security category blocking provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats. By enabling or disabling these categories, the administrator can control the identity access to these destinations and protect the network from malicious traffic2. References: 1: Security Categories - Umbrella User Guide 2: Manage Security Settings - Umbrella User Guide


NEW QUESTION # 306
Drag and drop the capabilities from the left onto the correct technologies on the right.

Answer:

Explanation:


NEW QUESTION # 307
What does endpoint isolation in Cisco AMP for Endpoints security protect from?

  • A. an infection spreading across the network E
  • B. a malware spreading across the user device
  • C. a malware spreading across the LDAP or Active Directory domain from a user account
  • D. an infection spreading across the LDAP or Active Directory domain from a user account

Answer: D

Explanation:
https://community.cisco.com/t5/endpoint-security/amp-endpoint-isolation/td-p/4086674#:~:text=Isolating%
20an%20endpoint%20blocks%20all,your%20IP%20isolation%20allow%20list


NEW QUESTION # 308
A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?

  • A. file discovery
  • B. file prevalence
  • C. file conviction
  • D. file manager

Answer: A

Explanation:
File discovery is a feature of Cisco AMP that allows the engineering team to search for files across all endpoints in the network based on their SHA-256 hashes. File discovery can help identify whether a file is installed on a selected few workstations, and also provide information such as file name, path, size, date, and disposition. File discovery can be used to locate malicious files, unauthorized software, or sensitive data on the endpoints. File discovery can be accessed from the Outbreak Control menu in the AMP console1. References: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215176-configure-a-s


NEW QUESTION # 309
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)

  • A. Send VPC Flow Logs to Cisco Stealthwatch Cloud.
  • B. Configure Cisco Thousand Eyes to ingest AWS information.
  • C. Send syslog from AWS to Cisco Stealthwatch Cloud.
  • D. Configure Cisco ACI to ingest AWS information.
  • E. Configure Cisco Stealthwatch Cloud to ingest AWS information

Answer: B,E


NEW QUESTION # 310
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

  • A. get
  • B. put
  • C. push
  • D. connect
  • E. options

Answer: A,B

Explanation:
The ASA REST API gives you programmatic access to managing individual ASAs through a Representational State Transfer (REST) API. The API allows external clients to perform CRUD (Create, Read, Update, Delete) operations on ASA resources; it is based on the HTTPS protocol and REST methodology.
All API requests are sent over HTTPS to the ASA, and a response is returned.
Request Structure
Available request methods are:
GET - Retrieves data from the specified object.
PUT - Adds the supplied information to the specified object; returns a 404 Resource Not Found error if the object does not exist.
POST - Creates the object with the supplied information.
DELETE - Deletes the specified object
PATCH - Applies partial modifications to the specified object.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html


NEW QUESTION # 311
What is a commonality between DMVPN and FlexVPN technologies?

  • A. FlexVPN and DMVPN use the new key management protocol, IKEv2
  • B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
  • C. IOS routers run the same NHRP code for DMVPN and FlexVPN
  • D. FlexVPN and DMVPN use the same hashing algorithms

Answer: C

Explanation:
Explanation
Explanation/Reference: https://packetpushers.net/cisco-flexvpn-dmvpn-high-level-design/#:~:text=In%20its%20essence%
2C%20FlexVPN%20is,both%20are%20Cisco's%20proprietary%20technologies.


NEW QUESTION # 312
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

  • A. Cisco Talos Intelligence
  • B. Cognitive Threat Analytics
  • C. Threat Intelligence Director
  • D. Encrypted Traffic Analytics

Answer: C

Explanation:

https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cisco-threat.html


NEW QUESTION # 313
When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

  • A. full Internet
  • B. blocked
  • C. limited Internet
  • D. guest

Answer: B

Explanation:
When a transparent authentication fails on the Web Security Appliance (WSA), the end user gets blocked access. This means that the user cannot access any web resources until they successfully authenticate. The WSA can use different methods to authenticate users transparently, such as Transparent User Identification (TUI), Transparent Identification, or Kerberos1. If none of these methods work, the WSA will send a block page to the user with a message explaining why the authentication failed and how to resolve the issue2. The block page can be customized by the administrator to provide more information or instructions to the user3.
References := 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4:
Securing the Cloud, Lesson 4.3: Cloud Application Security, Topic 4.3.2: Cisco Umbrella, page 4-59. 2: User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment), Chapter: Acquire End-User Credentials, Topic: Failed Authentication Credentials, page 4-67. 3: User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment), Chapter: Customize End-User Notifications, Topic: Customize Block Pages, page 5-1.


NEW QUESTION # 314
......


Cisco 350-701 exam is a 120-minute test that consists of 90-110 questions. 350-701 exam is computer-based and can be taken at any Pearson VUE testing center globally. 350-701 exam questions are in multiple-choice format, and the passing score is usually around 70%. 350-701 exam's cost varies depending on the country and currency, but it is generally around $400-$500.

 

100% Free 350-701 Daily Practice Exam With 727 Questions: https://pass4itsure.passleadervce.com/CCNPSecurity/reliable-350-701-exam-learning-guide.html