New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Questions and Answers

Questions 4

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with Vmware VDS or Microsoft vSwitch?

Options:

A.

inter-EPG isolation

B.

inter-VLAN security

C.

intra-EPG isolation

D.

placement in separate EPGs

Buy Now
Questions 5

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

Options:

A.

It blocks the request.

B.

It applies the global policy.

C.

It applies the next identification profile policy.

D.

It applies the advanced policy.

Buy Now
Questions 6

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

Options:

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the

product, whereas with a cloud-based solution, the provider is responsible for it.

Buy Now
Questions 7

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

Options:

A.

The changes are applied immediately it the destination list is part or a policy.

B.

The destination list must be removed from the policy before changes are made to It.

C.

The changes are applied only after the configuration is saved in Cisco Umbrella.

D.

The user role of Block Page Bypass or higher is needed to perform these changes.

Buy Now
Questions 8

Which risk is created when using an Internet browser to access cloud-based service?

Options:

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Buy Now
Questions 9

Which Cisco platform ensures that machines that connect to organizational networks have the recommended

antivirus definitions and patches to help prevent an organizational malware outbreak?

Options:

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Buy Now
Questions 10

Which type of API is being used when a controller within a software-defined network architecture dynamically

makes configuration changes on switches within the network?

Options:

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Buy Now
Questions 11

Which Cisco security solution stops exfiltration using HTTPS?

Options:

A.

Cisco FTD

B.

Cisco AnyConnect

C.

Cisco CTA

D.

Cisco ASA

Questions 12

Refer to the exhibit. What does this Python script accomplish?

Options:

A.

It allows authentication with TLSv1 SSL protocol

B.

It authenticates to a Cisco ISE with an SSH connection.

C.

lt authenticates to a Cisco ISE server using the username of ersad

D.

It lists the LDAP users from the external identity store configured on Cisco ISE

Buy Now
Questions 13

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

Options:

A.

WSAv performance

B.

AVC performance

C.

OTCP performance

D.

RTP performance

Buy Now
Questions 14

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest

access, and the same guest portal is used as the BYOD portal?

Options:

A.

single-SSID BYOD

B.

multichannel GUI

C.

dual-SSID BYOD

D.

streamlined access

Buy Now
Questions 15

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

Options:

A.

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

B.

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

C.

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

D.

Encrypted RADIUS authentication requires the RADIUS source interface be defined

Buy Now
Questions 16

What is an advantage of the Cisco Umbrella roaming client?

Options:

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Buy Now
Questions 17

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the

organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which

mechanism should the engineer configure to accomplish this goal?

Options:

A.

mirror port

B.

Flow

C.

NetFlow

D.

VPC flow logs

Buy Now
Questions 18

Drag and drop the capabilities from the left onto the correct technologies on the right.

Options:

Buy Now
Questions 19

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

Options:

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Buy Now
Questions 20

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and

operate as a cloud-native CASB. Which solution must be used for this implementation?

Options:

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Buy Now
Questions 21

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

Options:

A.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E.

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Buy Now
Questions 22

What are two Trojan malware attacks? (Choose two)

Options:

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Buy Now
Questions 23

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

Options:

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Buy Now
Questions 24

What is the purpose of the certificate signing request when adding a new certificate for a server?

Options:

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Buy Now
Questions 25

What is the difference between Cross-site Scripting and SQL Injection, attacks?

Options:

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social

engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a

database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Buy Now
Questions 26

Which type of algorithm provides the highest level of protection against brute-force attacks?

Options:

A.

PFS

B.

HMAC

C.

MD5

D.

SHA

Buy Now
Questions 27

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

Options:

A.

Google Cloud Platform

B.

Red Hat Enterprise Visualization

C.

VMware ESXi

D.

Amazon Web Services

Buy Now
Questions 28

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

Options:

Buy Now
Questions 29

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Options:

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Buy Now
Questions 30

What is a difference between DMVPN and sVTI?

Options:

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Buy Now
Questions 31

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with

other cloud solutions via an API. Which solution should be used to accomplish this goal?

Options:

A.

SIEM

B.

CASB

C.

Adaptive MFA

D.

Cisco Cloudlock

Buy Now
Questions 32

Which attack type attempts to shut down a machine or network so that users are not able to access it?

Options:

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Buy Now
Questions 33

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

Options:

A.

Set content settings to High

B.

Configure the intelligent proxy.

C.

Use destination block lists.

D.

Configure application block lists.

Buy Now
Questions 34

Refer to the exhibit.

What is the function of the Python script code snippet for the Cisco ASA REST API?

Options:

A.

adds a global rule into policies

B.

changes the hostname of the Cisco ASA

C.

deletes a global rule from policies

D.

obtains the saved configuration of the Cisco ASA firewall

Buy Now
Questions 35

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

Options:

A.

OpenC2

B.

OpenlOC

C.

CybOX

D.

STIX

Buy Now
Questions 36

Refer to the exhibit,

which command results in these messages when attempting to troubleshoot an iPsec VPN connection?

Options:

A.

debug crypto isakmp

B.

debug crypto ipsec endpoint

C.

debug crypto Ipsec

D.

debug crypto isakmp connection

Buy Now
Questions 37

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

Options:

A.

Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.

B.

Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE

C.

Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D.

Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE

Buy Now
Questions 38

Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

Options:

A.

inbound

B.

north-south

C.

east-west

D.

outbound

Buy Now
Questions 39

What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

Options:

A.

trusted automated exchange

B.

Indicators of Compromise

C.

The Exploit Database

D.

threat intelligence

Buy Now
Questions 40

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)

Options:

A.

TACACS+

B.

CHAP

C.

NTLMSSP

D.

RADIUS

E.

Kerberos

Buy Now
Questions 41

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

Options:

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre

configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Buy Now
Questions 42

Drag and drop the common security threats from the left onto the definitions on the right.

Options:

Buy Now
Questions 43

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally

manage cloud policies across these platforms. Which software should be used to accomplish this goal?

Options:

A.

Cisco Defense Orchestrator

B.

Cisco Secureworks

C.

Cisco DNA Center

D.

Cisco Configuration Professional

Buy Now
Questions 44

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network

is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

Options:

A.

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B.

The file is queued for upload when connectivity is restored.

C.

The file upload is abandoned.

D.

The ESA immediately makes another attempt to upload the file.

Buy Now
Questions 45

Drag and drop the VPN functions from the left onto the description on the right.

Options:

Buy Now
Questions 46

A network administrator is configuring SNMPv3 on a new router. The users have already been created;

however, an additional configuration is needed to facilitate access to the SNMP views. What must the

administrator do to accomplish this?

Options:

A.

map SNMPv3 users to SNMP views

B.

set the password to be used for SNMPv3 authentication

C.

define the encryption algorithm to be used by SNMPv3

D.

specify the UDP port used by SNMP

Buy Now
Questions 47

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Options:

Buy Now
Questions 48

Refer to the exhibit.

Which type of authentication is in use?

Options:

A.

LDAP authentication for Microsoft Outlook

B.

POP3 authentication

C.

SMTP relay server authentication

D.

external user and relay mail authentication

Buy Now
Questions 49

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Options:

A.

Public managed

B.

Service Provider managed

C.

Enterprise managed

D.

User managed

E.

Hybrid managed

Buy Now
Questions 50

Which component of Cisco umbrella architecture increases reliability of the service?

Options:

A.

Anycast IP

B.

AMP Threat grid

C.

Cisco Talos

D.

BGP route reflector

Buy Now
Questions 51

How does Cisco Advanced Phishing Protection protect users?

Options:

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Buy Now
Questions 52

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

Options:

A.

To protect the endpoint against malicious file transfers

B.

To ensure that assets are secure from malicious links on and off the corporate network

C.

To establish secure VPN connectivity to the corporate network

D.

To enforce posture compliance and mandatory software

Buy Now
Questions 53

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Options:

A.

Place the Cisco ISE server and the AD server in the same subnet

B.

Configure a common administrator account

C.

Configure a common DNS server

D.

Synchronize the clocks of the Cisco ISE server and the AD server

Buy Now
Questions 54

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

Options:

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Buy Now
Questions 55

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

Options:

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Buy Now
Questions 56

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

Options:

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Buy Now
Questions 57

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

Options:

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Buy Now
Questions 58

How does DNS Tunneling exfiltrate data?

Options:

A.

An attacker registers a domain that a client connects to based on DNS records and sends malware through

that connection.

B.

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C.

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to

poison the resolutions.

D.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious

domain.

Buy Now
Questions 59

What is a function of 3DES in reference to cryptography?

Options:

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Buy Now
Questions 60

Why is it important to implement MFA inside of an organization?

Options:

A.

To prevent man-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Buy Now
Questions 61

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

Options:

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Buy Now
Questions 62

Drag and drop the threats from the left onto examples of that threat on the right

Options:

Buy Now
Questions 63

What is a benefit of performing device compliance?

Options:

A.

Verification of the latest OS patches

B.

Device classification and authorization

C.

Providing multi-factor authentication

D.

Providing attribute-driven policies

Buy Now
Questions 64

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen

on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose

two)

Options:

A.

permit

B.

trust

C.

reset

D.

allow

E.

monitor

Buy Now
Questions 65

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Options:

Buy Now
Questions 66

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

Options:

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Buy Now
Questions 67

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

Options:

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Buy Now
Questions 68

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

Options:

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Buy Now
Questions 69

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Options:

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Buy Now
Questions 70

Which Dos attack uses fragmented packets to crash a target machine?

Options:

A.

smurf

B.

MITM

C.

teardrop

D.

LAND

Buy Now
Questions 71

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

Options:

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Buy Now
Questions 72

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

Options:

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Buy Now
Questions 73

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

Options:

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Buy Now
Questions 74

Refer to the exhibit.

What will happen when this Python script is run?

Options:

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Buy Now
Questions 75

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

Options:

A.

The policy was created to send a message to quarantine instead of drop

B.

The file has a reputation score that is above the threshold

C.

The file has a reputation score that is below the threshold

D.

The policy was created to disable file analysis

Buy Now
Questions 76

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

Options:

A.

ntp peer 1.1.1.1 key 1

B.

ntp server 1.1.1.1 key 1

C.

ntp server 1.1.1.2 key 1

D.

ntp peer 1.1.1.2 key 1

Buy Now
Questions 77

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,

data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity

platform. What should be used to meet these requirements?

Options:

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Buy Now
Questions 78

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Options:

Buy Now
Questions 79

An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

Options:

A.

Set a trusted interface for the DHCP server

B.

Set the DHCP snooping bit to 1

C.

Add entries in the DHCP snooping database

D.

Enable ARP inspection for the required VLAN

Buy Now
Questions 80

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

Options:

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Buy Now
Questions 81

Which MDM configuration provides scalability?

Options:

A.

pushing WPA2-Enterprise settings automatically to devices

B.

enabling use of device features such as camera use

C.

BYOD support without extra appliance or licenses

D.

automatic device classification with level 7 fingerprinting

Buy Now
Questions 82

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

Options:

A.

Telemetry uses a pull mehod, which makes it more reliable than SNMP

B.

Telemetry uses push and pull, which makes it more scalable than SNMP

C.

Telemetry uses push and pull which makes it more secure than SNMP

D.

Telemetry uses a push method which makes it faster than SNMP

Buy Now
Questions 83

How does a WCCP-configured router identify if the Cisco WSA is functional?

Options:

A.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.

B.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer

transmitted to the WSA.

C.

The WSA sends a Here-l-Am message every 10 seconds, and the router acknowledges with an ISee-You message.

D.

The router sends a Here-l-Am message every 10 seconds, and the WSA acknowledges with an ISee-You message.

Buy Now
Questions 84

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

Options:

A.

api/v1/fie/config

B.

api/v1/onboarding/pnp-device/import

C.

api/v1/onboarding/pnp-device

D.

api/v1/onboarding/workflow

Buy Now
Questions 85

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

Options:

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Buy Now
Questions 86

Which feature must be configured before implementing NetFlow on a router?

Options:

A.

SNMPv3

B.

syslog

C.

VRF

D.

IP routing

Buy Now
Questions 87

Which two capabilities does an MDM provide? (Choose two.)

Options:

A.

delivery of network malware reports to an inbox in a schedule

B.

unified management of mobile devices, Macs, and PCs from a centralized dashboard

C.

enforcement of device security policies from a centralized dashboard

D.

manual identification and classification of client devices

E.

unified management of Android and Apple devices from a centralized dashboard

Buy Now
Questions 88

Which security solution protects users leveraging DNS-layer security?

Options:

A.

Cisco ISE

B.

Cisco FTD

C.

Cisco Umbrella

D.

Cisco ASA

Buy Now
Questions 89

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Secure Workload implementation? (Choose two.)

Options:

A.

ADC

B.

ERSPAN

C.

Cisco ASA

D.

NetFlow

E.

Cisco Secure Workload

Buy Now
Questions 90

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

Options:

A.

denial -of-service

B.

cross-site request forgery

C.

man-in-the-middle

D.

SQL injection

Buy Now
Questions 91

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

Options:

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Buy Now
Questions 92

What is a difference between an XSS attack and an SQL injection attack?

Options:

A.

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

B.

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

C.

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to

redirect users to websites where attackers can steal data from them

D.

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to

redirect users to websites where attackers can steal data from them

Buy Now
Questions 93

What is a difference between a DoS attack and a DDoS attack?

Options:

A.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

B.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

C.

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

D.

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

Buy Now
Questions 94

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

Options:

A.

Cisco Tetration

B.

Cisco ISE

C.

Cisco AMP for Network

D.

Cisco AnyConnect

Buy Now
Questions 95

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

Options:

A.

buffer overflow

B.

browser WGET

C.

SQL injection

D.

cross-site scripting

Buy Now
Questions 96

Which IETF attribute is supported for the RADIUS CoA feature?

Options:

A.

24 State

B.

30 Calling-Station-ID

C.

42 Acct-Session-ID

D.

81 Message-Authenticator

Buy Now
Questions 97

Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.

Options:

Buy Now
Questions 98

Which standard is used to automate exchanging cyber threat information?

Options:

A.

TAXII

B.

MITRE

C.

IoC

D.

STIX

Buy Now
Questions 99

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively u: of the default policy elements. What else must be done to accomplish this task?

Options:

A.

Add the specified addresses to the identities list and create a block action.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Use content categories to block or allow specific addresses.

D.

Modify the application settings to allow only applications to connect to required addresses.

Buy Now
Questions 100

What is the purpose of a denial-of-service attack?

Options:

A.

to disrupt the normal operation of a targeted system by overwhelming It

B.

to exploit a security vulnerability on a computer system to steal sensitive information

C.

to prevent or limit access to data on a computer system by encrypting It

D.

to spread throughout a computer system by self-replicating to additional hosts

Buy Now
Questions 101

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?

Options:

A.

Cisco Identity Services Engine (ISE)

B.

Cisco Enterprise Security Appliance (ESA)

C.

Cisco Web Security Appliance (WSA)

D.

Cisco Advanced Stealthwatch Appliance (ASA)

Buy Now
Questions 102

What are two functions of IKEv1 but not IKEv2? (Choose two)

Options:

A.

NAT-T is supported in IKEv1 but rot in IKEv2.

B.

With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext

C.

With IKEv1, mode negotiates faster than main mode

D.

IKEv1 uses EAP authentication

E.

IKEv1 conversations are initiated by the IKE_SA_INIT message

Buy Now
Questions 103

Which VPN provides scalability for organizations with many remote sites?

Options:

A.

DMVPN

B.

site-to-site iPsec

C.

SSL VPN

D.

GRE over IPsec

Buy Now
Questions 104

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

Options:

A.

CNAME

B.

MX

C.

SPF

D.

DKIM

Buy Now
Questions 105

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

Options:

A.

Identity the network IPs and place them in a blocked list.

B.

Modify the advanced custom detection list to include these files.

C.

Create an application control blocked applications list.

D.

Add a list for simple custom detection.

Buy Now
Questions 106

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?

Options:

A.

CDP

B.

NTP

C.

syslog

D.

DNS

Buy Now
Questions 107

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

Options:

A.

Southbound APIs are used to define how SDN controllers integrate with applications.

B.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

C.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

D.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

E.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Buy Now
Questions 108

Drag and drop the deployment models from the left onto the explanations on the right.

Options:

Buy Now
Questions 109

Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

Options:

A.

filters

B.

group key

C.

company key

D.

connector

Buy Now
Questions 110

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

Options:

A.

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

B.

Use the tenant control features to identify each subnet being used and track the connections within the

Cisco Umbrella dashboard

C.

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

D.

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

Buy Now
Questions 111

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management

port conflicts with other communications on the network and must be changed. What must be done to ensure

that all devices can communicate together?

Options:

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

B.

Set the tunnel to go through the Cisco FTD

C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD

devices

D.

Set the tunnel port to 8305

Buy Now
Questions 112

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.

The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

Options:

A.

Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

B.

Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

C.

Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

D.

Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Buy Now
Questions 113

Which capability is provided by application visibility and control?

Options:

A.

reputation filtering

B.

data obfuscation

C.

data encryption

D.

deep packet inspection

Buy Now
Questions 114

Which service allows a user export application usage and performance statistics with Cisco Application Visibility

and control?

Options:

A.

SNORT

B.

NetFlow

C.

SNMP

D.

802.1X

Buy Now
Questions 115

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

Options:

A.

Configure the default policy to redirect the requests to the correct policy

B.

Place the policy with the most-specific configuration last in the policy order

C.

Configure only the policy with the most recently changed timestamp

D.

Make the correct policy first in the policy order

Buy Now
Questions 116

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access The Cisco ESA must also join a cluster machine using preshared keys What must be configured to meet these requirements?

Options:

A.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

B.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI

C.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.

D.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

Buy Now
Questions 117

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

Options:

A.

Cisco Stealthwatch Cloud

B.

Cisco Umbrella

C.

NetFlow collectors

D.

Cisco Cloudlock

Buy Now
Questions 118

What is a feature of NetFlow Secure Event Logging?

Options:

A.

It exports only records that indicate significant events in a flow.

B.

It filters NSEL events based on the traffic and event type through RSVP.

C.

It delivers data records to NSEL collectors through NetFlow over TCP only.

D.

It supports v5 and v8 templates.

Buy Now
Questions 119

What is the purpose of CA in a PKI?

Options:

A.

To issue and revoke digital certificates

B.

To validate the authenticity of a digital certificate

C.

To create the private key for a digital certificate

D.

To certify the ownership of a public key by the named subject

Buy Now
Questions 120

An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?

Options:

A.

Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.

B.

Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.

C.

Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI

D.

Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.

Buy Now
Questions 121

What limits communication between applications or containers on the same node?

Options:

A.

microsegmentation

B.

container orchestration

C.

microservicing

D.

Software-Defined Access

Buy Now
Questions 122

Which function is performed by certificate authorities but is a limitation of registration authorities?

Options:

A.

accepts enrollment requests

B.

certificate re-enrollment

C.

verifying user identity

D.

CRL publishing

Buy Now
Questions 123

Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?

Options:

A.

source NAT

B.

reverse tunnel

C.

GRE tunnel

D.

destination NAT

Buy Now
Questions 124

A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz exe The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for the Windows clients was updated to reference the detection list Verification testing scans on known infected systems shows that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise What must be performed to ensure detection of the malicious file?

Options:

A.

Upload the malicious file to the Blocked Application Control List

B.

Use an Advanced Custom Detection List instead of a Simple Custom Detection List

C.

Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis

D.

Upload the SHA-256 hash for the file to the Simple Custom Detection List

Buy Now
Questions 125

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

Options:

A.

by modifying the registry for DNS lookups

B.

by using Active Directory group policies to enforce Cisco Umbrella DNS servers

C.

by using the Cisco Umbrella roaming client

D.

by forcing DNS queries to the corporate name servers

Buy Now
Questions 126

Refer to the exhibit.

The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

Options:

A.

P2 and P3 only

B.

P5, P6, and P7 only

C.

P1, P2, P3, and P4 only

D.

P2, P3, and P6 only

Buy Now
Questions 127

What is a language format designed to exchange threat intelligence that can be transported over the TAXII

protocol?

Options:

A.

STIX

B.

XMPP

C.

pxGrid

D.

SMTP

Buy Now
Questions 128

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from

Cisco and other vendors to share data and interoperate with each other?

Options:

A.

Advanced Malware Protection

B.

Platform Exchange Grid

C.

Multifactor Platform Integration

D.

Firepower Threat Defense

Buy Now
Questions 129

Which form of attack is launched using botnets?

Options:

A.

EIDDOS

B.

virus

C.

DDOS

D.

TCP flood

Buy Now
Questions 130

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

Options:

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

B.

A sysopt command can be used to enable NSEL on a specific interface.

C.

NSEL can be used without a collector configured.

D.

A flow-export event type must be defined under a policy

Buy Now
Questions 131

How does Cisco Stealthwatch Cloud provide security for cloud environments?

Options:

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Buy Now
Questions 132

Which technology reduces data loss by identifying sensitive information stored in public computing

environments?

Options:

A.

Cisco SDA

B.

Cisco Firepower

C.

Cisco HyperFlex

D.

Cisco Cloudlock

Buy Now
Questions 133

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

Options:

A.

NetFlow

B.

desktop client

C.

ASDM

D.

API

Buy Now
Questions 134

Refer to the exhibit.

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

Options:

A.

set the IP address of an interface

B.

complete no configurations

C.

complete all configurations

D.

add subinterfaces

Buy Now
Questions 135

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

Options:

A.

authentication server: Cisco Identity Service Engine

B.

supplicant: Cisco AnyConnect ISE Posture module

C.

authenticator: Cisco Catalyst switch

D.

authenticator: Cisco Identity Services Engine

E.

authentication server: Cisco Prime Infrastructure

Buy Now
Questions 136

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the

endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

Options:

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Buy Now
Questions 137

Which statement about IOS zone-based firewalls is true?

Options:

A.

An unassigned interface can communicate with assigned interfaces

B.

Only one interface can be assigned to a zone.

C.

An interface can be assigned to multiple zones.

D.

An interface can be assigned only to one zone.

Buy Now
Questions 138

What is the primary role of the Cisco Email Security Appliance?

Options:

A.

Mail Submission Agent

B.

Mail Transfer Agent

C.

Mail Delivery Agent

D.

Mail User Agent

Buy Now
Questions 139

Which Cisco security solution protects remote users against phishing attacks when they are not connected to

the VPN?

Options:

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Buy Now
Questions 140

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,

which allows the SOC to proactively automate responses to those threats?

Options:

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Buy Now
Questions 141

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Options:

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Buy Now
Questions 142

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

Options:

A.

AMP

B.

AnyConnect

C.

DynDNS

D.

Talos

Buy Now
Questions 143

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

Options:

A.

sniffing the packets between the two hosts

B.

sending continuous pings

C.

overflowing the buffer’s memory

D.

inserting malicious commands into the database

Buy Now
Questions 144

What is a feature of the open platform capabilities of Cisco DNA Center?

Options:

A.

intent-based APIs

B.

automation adapters

C.

domain integration

D.

application adapters

Buy Now
Questions 145

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?

(Choose two)

Options:

A.

configure Active Directory Group Policies to push proxy settings

B.

configure policy-based routing on the network infrastructure

C.

reference a Proxy Auto Config file

D.

configure the proxy IP address in the web-browser settings

E.

use Web Cache Communication Protocol

Buy Now
Questions 146

How is Cisco Umbrella configured to log only security events?

Options:

A.

per policy

B.

in the Reporting settings

C.

in the Security Settings section

D.

per network in the Deployments section

Buy Now
Questions 147

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

Options:

A.

show authorization status

B.

show authen sess int gi0/1

C.

show connection status gi0/1

D.

show ver gi0/1

Buy Now
Questions 148

How many interfaces per bridge group does an ASA bridge group deployment support?

Options:

A.

up to 2

B.

up to 4

C.

up to 8

D.

up to 16

Buy Now
Questions 149

When Cisco and other industry organizations publish and inform users of known security findings and

vulnerabilities, which name is used?

Options:

A.

Common Security Exploits

B.

Common Vulnerabilities and Exposures

C.

Common Exploits and Vulnerabilities

D.

Common Vulnerabilities, Exploits and Threats

Buy Now
Questions 150

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services

Engine? (Choose two)

Options:

A.

RADIUS

B.

TACACS+

C.

DHCP

D.

sFlow

E.

SMTP

Buy Now
Questions 151

Which two capabilities does TAXII support? (Choose two)

Options:

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Buy Now
Questions 152

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?

(Choose two)

Options:

A.

Outgoing traffic is allowed so users can communicate with outside organizations.

B.

Malware infects the messenger application on the user endpoint to send company data.

C.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

D.

An exposed API for the messaging platform is used to send large amounts of data.

E.

Messenger applications cannot be segmented with standard network controls

Buy Now
Questions 153

Refer to the exhibit.

What does the number 15 represent in this configuration?

Options:

A.

privilege level for an authorized user to this router

B.

access list that identifies the SNMP devices that can access the router

C.

interval in seconds between SNMPv3 authentication attempts

D.

number of possible failed attempts until the SNMPv3 user is locked out

Buy Now
Questions 154

What is the function of Cisco Cloudlock for data security?

Options:

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Buy Now
Questions 155

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

Options:

A.

Smurf

B.

distributed denial of service

C.

cross-site scripting

D.

rootkit exploit

Buy Now
Questions 156

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed

devices?

Options:

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Buy Now
Questions 157

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to

use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

Options:

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Buy Now
Questions 158

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

Options:

A.

RBAC

B.

ETHOS detection engine

C.

SPERO detection engine

D.

TETRA detection engine

Buy Now
Questions 159

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

Options:

A.

Time-based one-time passwords

B.

Data loss prevention

C.

Heuristic-based filtering

D.

Geolocation-based filtering

E.

NetFlow

Buy Now
Questions 160

Which two risks is a company vulnerable to if it does not have a well-established patching solution for

endpoints? (Choose two)

Options:

A.

exploits

B.

ARP spoofing

C.

denial-of-service attacks

D.

malware

E.

eavesdropping

Buy Now
Questions 161

Which two behavioral patterns characterize a ping of death attack? (Choose two)

Options:

A.

The attack is fragmented into groups of 16 octets before transmission.

B.

The attack is fragmented into groups of 8 octets before transmission.

C.

Short synchronized bursts of traffic are used to disrupt TCP connections.

D.

Malformed packets are used to crash systems.

E.

Publicly accessible DNS servers are typically used to execute the attack.

Buy Now
Questions 162

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

Options:

A.

SDN controller and the cloud

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the management solution

Buy Now
Questions 163

Which command enables 802.1X globally on a Cisco switch?

Options:

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication port-control aut

D.

aaa new-model

Buy Now
Questions 164

Which information is required when adding a device to Firepower Management Center?

Options:

A.

username and password

B.

encryption method

C.

device serial number

D.

registration key

Buy Now
Questions 165

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

Options:

A.

DNS tunneling

B.

DNSCrypt

C.

DNS security

D.

DNSSEC

Buy Now
Questions 166

What provides visibility and awareness into what is currently occurring on the network?

Options:

A.

CMX

B.

WMI

C.

Prime Infrastructure

D.

Telemetry

Buy Now
Questions 167

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

Options:

A.

Windows service

B.

computer identity

C.

user identity

D.

Windows firewall

E.

default browser

Buy Now
Questions 168

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

Options:

A.

File Analysis

B.

SafeSearch

C.

SSL Decryption

D.

Destination Lists

Buy Now
Questions 169

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

Options:

A.

transparent

B.

redirection

C.

forward

D.

proxy gateway

Buy Now
Questions 170

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the

corporate network. The endpoints must have the corporate antivirus application installed and be running the

latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the

network?

Options:

A.

Cisco Identity Services Engine and AnyConnect Posture module

B.

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.

Cisco ASA firewall with Dynamic Access Policies configured

D.

Cisco Identity Services Engine with PxGrid services enabled

Buy Now
Questions 171

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

Options:

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Buy Now
Questions 172

A mall provides security services to customers with a shared appliance. The mall wants separation of

management on the shared appliance. Which ASA deployment mode meets these needs?

Options:

A.

routed mode

B.

transparent mode

C.

multiple context mode

D.

multiple zone mode

Buy Now
Questions 173

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

Options:

A.

DHCP snooping has not been enabled on all VLANs.

B.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C.

Dynamic ARP Inspection has not been enabled on all VLANs

D.

The no ip arp inspection trust command is applied on all user host interfaces

Buy Now
Questions 174

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social

engineering attacks? (Choose two)

Options:

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Buy Now
Questions 175

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Options:

A.

Application Control

B.

Security Category Blocking

C.

Content Category Blocking

D.

File Analysis

Buy Now
Questions 176

Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

Options:

A.

configure system add

B.

configure manager add host

C.

configure manager delete

D.

configure manager add

Buy Now
Questions 177

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

Options:

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Buy Now
Questions 178

What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an

organization? (Choose two)

Options:

A.

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

B.

single sign-on access to on-premises and cloud applications

C.

integration with 802.1x security using native Microsoft Windows supplicant

D.

secure access to on-premises and cloud applications

E.

identification and correction of application vulnerabilities before allowing access to resources

Buy Now
Questions 179

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

Options:

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Buy Now
Questions 180

In which cloud services model is the tenant responsible for virtual machine OS patching?

Options:

A.

IaaS

B.

UCaaS

C.

PaaS

D.

SaaS

Buy Now
Questions 181

What is a characteristic of Dynamic ARP Inspection?

Options:

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP

snooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are

untrusted

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Buy Now
Questions 182

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

Options:

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Buy Now
Questions 183

What is a characteristic of traffic storm control behavior?

Options:

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within

the interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is

unicast or broadcast.

Buy Now
Questions 184

What is the primary benefit of deploying an ESA in hybrid mode?

Options:

A.

You can fine-tune its settings to provide the optimum balance between security and performance for your environment

B.

It provides the lowest total cost of ownership by reducing the need for physical appliances

C.

It provides maximum protection and control of outbound messages

D.

It provides email security while supporting the transition to the cloud

Buy Now
Questions 185

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Options:

A.

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.

Cisco FTDv with one management interface and two traffic interfaces configured

C.

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.

Cisco FTDv with two management interfaces and one traffic interface configured

E.

Cisco FTDv configured in routed mode and IPv6 configured

Buy Now
Questions 186

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

Options:

A.

It allows the administrator to quarantine malicious files so that the application can function, just not

maliciously.

B.

It discovers and controls cloud apps that are connected to a company’s corporate environment.

C.

It deletes any application that does not belong in the network.

D.

It sends the application information to an administrator to act on.

Buy Now
Questions 187

Which option is the main function of Cisco Firepower impact flags?

Options:

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Buy Now
Questions 188

Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

Options:

A.

get the process and PID information from the computers in the network

B.

create an SNMP pull mechanism for managing AMP

C.

gather network telemetry information from AMP for endpoints

D.

gather the network interface information about the computers AMP sees

Buy Now
Questions 189

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

Options:

A.

data exfiltration

B.

command and control communication

C.

intelligent proxy

D.

snort

E.

URL categorization

Buy Now
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Last Update: Dec 22, 2024
Questions: 630

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99