
350-701 Questions and Answers

Question # 6

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Question # 7

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Question # 8

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question # 9

What is the role of an endpoint in protecting a user from a phishing attack?

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti-malware software is up to date

Question # 10

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A.

Multiple NetFlow collectors are supported

B.

Advanced NetFlow v9 templates and legacy v5 formatting are supported

C.

Secure NetFlow connections are optimized for Cisco Prime Infrastructure

D.

Flow-create events are delayed

Question # 11

What is the function of SDN southbound API protocols?

A.

to allow for the dynamic configuration of control plane applications

B.

to enable the controller to make changes

C.

to enable the controller to use REST

D.

to allow for the static configuration of control plane applications

Question # 12

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Question # 13

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A.

Modify an access policy

B.

Modify identification profiles

C.

Modify outbound malware scanning policies

D.

Modify web proxy settings

Question # 14

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Question # 15

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Question # 16

What is a benefit of conducting device compliance checks?

A.

It indicates what type of operating system is connecting to the network.

B.

It validates if anti-virus software is installed.

C.

It scans endpoints to determine if malicious activity is taking place.

D.

It detects email phishing attacks.

Question # 17

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Question # 18

How does Cisco Advanced Phishing Protection protect users?

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Question # 19

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Question # 20

What is a benefit of performing device compliance?

A.

Device classification and authorization

B.

Providing multi-factor authentication

C.

Providing attribute-driven policies

Question # 21

What are two characteristics of Cisco DNA Center APIs? (Choose two)

A.

Postman is required to utilize Cisco DNA Center API calls.

B.

They do not support Python scripts.

C.

They are Cisco proprietary.

D.

They quickly provision new devices.

E.

They view the overall health of the network

Question # 22

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

A.

SIEM

B.

CASB

C.

Adaptive MFA

D.

Cisco Cloudlock

Question # 23

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Question # 24

What is the difference between Cross-site Scripting and SQL Injection attacks?

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Question # 25

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A.

1

B.

3

C.

5

D.

10

Question # 26

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A.

Enable IP Layer enforcement.

B.

Activate the Advanced Malware Protection license

C.

Activate SSL decryption.

D.

Enable Intelligent Proxy.

Question # 27

Which algorithm provides asymmetric encryption?

A.

RC4

B.

AES

C.

RSA

D.

3DES

Question # 28

What is provided by the Secure Hash Algorithm in a VPN?

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question # 29

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A.

IKEv1

B.

AH

C.

ESP

D.

IKEv2

Question # 30

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A.

Configure the datasecurityconfig command

B.

Configure the advancedproxyconfig command with the HTTPS subcommand

C.

Configure a small log-entry size.

D.

Configure a maximum packet size.

Question # 31

What features does Cisco FTDv provide over ASAv?

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Question # 32

What must be used to share data between multiple security products?

A.

Cisco Rapid Threat Containment

B.

Cisco Platform Exchange Grid

C.

Cisco Advanced Malware Protection

D.

Cisco Stealthwatch Cloud

Question # 33

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)

A.

configure Active Directory Group Policies to push proxy settings

B.

configure policy-based routing on the network infrastructure

C.

reference a Proxy Auto Config file

D.

configure the proxy IP address in the web-browser settings

E.

use Web Cache Communication Protocol

Question # 34

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

A.

authentication open

B.

dot1x reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Question # 35

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

B.

Set up a profiling policy in Cisco Identity Service Engine to check an endpoint patch level before allowing access on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Question # 36

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question # 37

Which technology is used to improve web traffic performance by proxy caching?

A.

WSA

B.

Firepower

C.

FireSIGHT

D.

ASA

Question # 38

Which two preventive measures are used to control cross-site scripting? (Choose two)

A.

Enable client-side scripts on a per-domain basis.

B.

Incorporate contextual output encoding/escaping.

C.

Disable cookie inspection in the HTML inspection engine.

D.

Run untrusted HTML input through an HTML sanitization engine.

E.

Same Site cookie attribute should not be used.

Question # 39

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Question # 40

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A.

Enable NetFlow Version 9.

B.

Create an ACL to allow UDP traffic on port 9996.

C.

Apply NetFlow Exporter to the outside interface in the inbound direction.

D.

Create a class map to match interesting traffic.

E.

Define a NetFlow collector by using the flow-export command

Question # 41

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A.

It can handle explicit HTTP requests.

B.

It requires a PAC file for the client web browser.

C.

It requires a proxy for the client web browser.

D.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

E.

Layer 4 switches can automatically redirect traffic destined to port 80.

Question # 42

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A.

url

B.

terminal

C.

profile

D.

selfsigned

Question # 43

What is a difference between FlexVPN and DMVPN?

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Question # 44

Which two requests of the REST API are valid on the Cisco ASA Platform? (Choose two)

A.

put

B.

options

C.

get

D.

push

E.

connect

Question # 45

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

A.

Spero analysis

B.

dynamic analysis

C.

sandbox analysis

D.

malware analysis

Question # 46

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A.

Disable telnet using the no ip telnet command.

B.

Enable the SSH server using the ip ssh server command.

C.

Configure the port using the ip ssh port 22 command.

D.

Generate the RSA key using the crypto key generate rsa command.

Question # 47

Which attack is commonly associated with C and C++ programming languages?

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Question # 48

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A.

authentication server: Cisco Identity Service Engine

B.

supplicant: Cisco AnyConnect ISE Posture module

C.

authenticator: Cisco Catalyst switch

D.

authenticator: Cisco Identity Services Engine

E.

authentication server: Cisco Prime Infrastructure

Question # 49

Which command enables 802.1X globally on a Cisco switch?

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication port-control aut

D.

aaa new-model

Question # 50

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Question # 51

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Question # 52

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A.

DNS tunneling

B.

DNSCrypt

C.

DNS security

D.

DNSSEC

Question # 53

Which SNMPv3 configuration must be used to support the strongest security possible?

A.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B.

asa-host(config)#snmp-server group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C.

asa-host(config)#snmpserver group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Question # 54

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

B.

Set the tunnel to go through the Cisco FTD

C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

D.

Set the tunnel port to 8305

Question # 55

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Question # 56

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A.

Restrict access to only websites with trusted third-party signed certificates.

B.

Modify the user’s browser settings to suppress errors from Cisco Umbrella.

C.

Upload the organization root CA to Cisco Umbrella.

D.

Install the Cisco Umbrella root CA onto the user’s device.

Question # 57

Which feature does the IaaS model provide?

A.

granular control of data

B.

dedicated, restricted workstations

C.

automatic updates and patching of software

D.

software-defined network segmentation

Question # 58

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Question # 59

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A.

Cisco Advanced Malware Protection

B.

Cisco Stealthwatch

C.

Cisco Identity Services Engine

D.

Cisco AnyConnect

Question # 60

What is the difference between a vulnerability and an exploit?

A.

A vulnerability is a hypothetical event for an attacker to exploit

B.

A vulnerability is a weakness that can be exploited by an attacker

C.

An exploit is a weakness that can cause a vulnerability in the network

D.

An exploit is a hypothetical event that causes a vulnerability in the network

Question # 61

A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?

A.

Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

B.

Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network.

C.

Configure VPN load balancing to send non-corporate traffic straight to the internet.

D.

Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.

Question # 62

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?

A.

NTP

B.

syslog

C.

SNMP

D.

NetFlow

Question # 63

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Question # 64

A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created policy is functioning as it should?

A.

Create an IP block list for the website from which the file was downloaded

B.

Block the application that the file was using to open

C.

Upload the hash for the file into the policy

D.

Send the file to Cisco Threat Grid for dynamic analysis

Question # 65

What is the most common type of data exfiltration that organizations currently experience?

A.

HTTPS file upload site

B.

Microsoft Windows network shares

C.

SQL database injections

D.

encrypted SMTP

Question # 66

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A.

by modifying the registry for DNS lookups

B.

by using Active Directory group policies to enforce Cisco Umbrella DNS servers

C.

by using the Cisco Umbrella roaming client

D.

by forcing DNS queries to the corporate name servers

Question # 67

Which technology provides a combination of endpoint protection, endpoint detection, and response?

A.

Cisco AMP

B.

Cisco Talos

C.

Cisco Threat Grid

D.

Cisco Umbrella

Question # 68

What are two benefits of using an MDM solution? (Choose two.)

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Question # 69

What is a description of microsegmentation?

A.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

B.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

C.

Environments implement private VLAN segmentation to group servers with similar applications.

D.

Environments deploy centrally managed host-based firewall rules on each server or container

Question # 70

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A.

Cisco Cloud Orchestrator

B.

Cisco ASAV

C.

Cisco WSAV

D.

Cisco Stealthwatch Cloud

Question # 71

What is a benefit of using a multifactor authentication strategy?

A.

It provides visibility into devices to establish device trust.

B.

It provides secure remote access for applications.

C.

It provides an easy, single sign-on experience against multiple applications

D.

It protects data by enabling the use of a second validation of identity.

Question # 72

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A.

retrospective detection

B.

indication of compromise

C.

file trajectory

D.

elastic search

Question # 73

Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?

A.

InfluxDB

B.

Splunk

C.

SNMP

D.

Grafana

Question # 74

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

A.

The hosts must run Cisco AsyncOS 10.0 or greater.

B.

The hosts must run different versions of Cisco AsyncOS.

C.

The hosts must have access to the same defined network.

D.

The hosts must use a different datastore than the virtual appliance.

Question # 75

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A.

Cisco Tetration

B.

Cisco ISE

C.

Cisco AMP for Network

D.

Cisco AnyConnect

Question # 76

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:// /capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

A.

Disable the proxy setting on the browser

B.

Disable the HTTPS server and use HTTP instead

C.

Use the Cisco FTD IP address as the proxy server setting on the browser

D.

Enable the HTTPS server for the device platform policy

Question # 77

An administrator is configuring NTP on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source. Which two steps must be taken to accomplish this task? (Choose two)

A.

Specify the NTP version

B.

Configure the NTP stratum

C.

Set the authentication key

D.

Choose the interface for syncing to the NTP server

E.

Set the NTP DNS hostname

Question # 78

Which type of encryption uses a public key and private key?

A.

Asymmetric

B.

Symmetric

C.

Linear

D.

Nonlinear

Question # 79

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

A.

IaC

B.

SaaS

C.

IaaS

D.

PaaS

Question # 80

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

A.

Orchestration

B.

CI/CD pipeline

C.

Container

D.

Security

Question # 81

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A.

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

B.

The file being uploaded is incompatible with simple detections and must use advanced detections

C.

The hash being uploaded is part of a set in an incorrect format

D.

The engineer is attempting to upload a file instead of a hash
