350-701 Practice Question and Answers

A.  

configure system add

B.  

configure manager add host

C.  

configure manager delete

D.  

configure manager add

A.  

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

B.  

single sign-on access to on-premises and cloud applications

C.  

integration with 802.1x security using native Microsoft Windows supplicant

D.  

secure access to on-premises and cloud applications

E.  

identification and correction of application vulnerabilities before allowing access to resources

A.  

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.  

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.  

It allows the organization to detect and respond to threats at the edge of the network.

D.  

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

A.  

Traffic from the DMZ network is redirected

B.  

Traffic from the inside network is redirected

C.  

All TCP traffic is redirected

D.  

Traffic from the inside and DMZ networks is redirected

A.  

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.  

Cisco FTDv with one management interface and two traffic interfaces configured

C.  

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.  

Cisco FTDv with two management interfaces and one traffic interface configured

E.  

Cisco FTDv configured in routed mode and IPv6 configured

A.  

intent-based APIs

B.  

automation adapters

C.  

domain integration

D.  

application adapters

A.  

Sophos engine

B.  

white list

C.  

RAT

D.  

outbreak filters

E.  

DLP

A.  

registry

B.  

virtual

C.  

bootloader

D.  

user mode

E.  

buffer mode

A.  

Cisco SDA

B.  

Cisco Firepower

C.  

Cisco HyperFlex

D.  

Cisco Cloudlock

A.  

Change isakmp to ikev2 in the command on host

A.  

B.  

Enter the command with a different password on host

B.  

C.  

Enter the same command on host

B.  

D.  

Change the password on hostA to the default password.

A.  

Configure the datasecurityconfig command

B.  

Configure the advancedproxyconfig command with the HTTPS subcommand

C.  

Configure a small log-entry size.

D.  

Configure a maximum packet size.

A.  

user input validation in a web page or web application

B.  

Linux and Windows operating systems

C.  

database

D.  

web page images

A.  

CMX

B.  

WMI

C.  

Prime Infrastructure

D.  

Telemetry

A.  

asset inventory management

B.  

allowed application management

C.  

Active Directory group policy management

D.  

network device management

E.  

critical device management

A.  

It decrypts HTTPS application traffic for unauthenticated users.

B.  

It alerts users when the WSA decrypts their traffic.

C.  

It decrypts HTTPS application traffic for authenticated users.

D.  

It provides enhanced HTTPS application detection for AsyncOS.

A.  

data exfiltration

B.  

command and control communication

C.  

intelligent proxy

D.  

snort

E.  

URL categorization

A.  

DMVPN

B.  

FlexVPN

C.  

IPsec DVTI

D.  

GET VPN

A.  

RBAC

B.  

ETHOS detection engine

C.  

SPERO detection engine

D.  

TETRA detection engine

A.  

transparent

B.  

redirection

C.  

forward

D.  

proxy gateway

A.  

accounting

B.  

assurance

C.  

automation

D.  

authentication

E.  

encryption

A.  

dot1x system-auth-control

B.  

dot1x pae authenticator

C.  

authentication port-control aut

D.  

aaa new-model

A.  

compliant

B.  

unknown

C.  

authorized

D.  

noncompliant

A.  

Public Cloud

B.  

Hybrid Cloud

C.  

Community Cloud

D.  

Private Cloud

A.  

DDoS

B.  

antispam

C.  

antivirus

D.  

encryption

E.  

DLP

A.  

Port Bounce

B.  

CoA Terminate

C.  

CoA Reauth

D.  

CoA Session Query

A.  

Nexus

B.  

Stealthwatch

C.  

Firepower

D.  

Tetration

A.  

multiple factor auth

B.  

local web auth

C.  

single sign-on

D.  

central web auth

E.  

TACACS+

A.  

PaaS

B.  

XaaS

C.  

IaaS

D.  

SaaS

A.  

If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.

B.  

PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.

C.  

The WSA hosts PAC files on port 9001 by default.

D.  

The WSA hosts PAC files on port 6001 by default.

E.  

By default, they direct traffic through a proxy when the PC and the host are on the same subnet.

A.  

STIX

B.  

XMPP

C.  

pxGrid

D.  

SMTP

A.  

The authentication request contains only a username.

B.  

The authentication request contains only a password.

C.  

There are separate authentication and authorization request packets.

D.  

The authentication and authorization requests are grouped in a single packet.

A.  

advanced persistent threat

B.  

open command and control

C.  

structured threat information expression

D.  

trusted automated exchange of indicator information

A.  

Configure the *.com address in the block list.

B.  

Configure the *.domain.com address in the block list

C.  

Configure the *.domain.com address in the block list

D.  

Configure the domain.com address in the block list

A.  

Asymmetric

B.  

Symmetric

C.  

Linear

D.  

Nonlinear

A.  

SDNS

B.  

NetFlow

C.  

passive taps

D.  

SNMP

A.  

EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.

B.  

Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.

C.  

EDR focuses solely on prevention at the perimeter.

D.  

Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

A.  

Configure Cisco ACI to ingest AWS information.

B.  

Configure Cisco Thousand Eyes to ingest AWS information.

C.  

Send syslog from AWS to Cisco Stealthwatch Cloud.

D.  

Send VPC Flow Logs to Cisco Stealthwatch Cloud.

E.  

Configure Cisco Stealthwatch Cloud to ingest AWS information

A.  

It deploys an AWS Lambda system

B.  

It automates resource resizing

C.  

It optimizes a flow path

D.  

It sets up a workload forensic score

A.  

It provides stealth threat prevention.

B.  

lt is a signature-based engine.

C.  

lt is an incident response tool

D.  

It provides precompromise detection.

A.  

It prevents use of compromised accounts and social engineering.

B.  

It prevents all zero-day attacks coming from the Internet.

C.  

It automatically removes malicious emails from users' inbox.

D.  

It prevents trojan horse malware using sensors.

E.  

It secures all passwords that are shared in video conferences.

A.  

Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco IS

E.  

B.  

Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE

C.  

Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D.  

Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE

A.  

single-SSID BYOD

B.  

multichannel GUI

C.  

dual-SSID BYOD

D.  

streamlined access

A.  

Create an IP block list for the website from which the file was downloaded

B.  

Block the application that the file was using to open

C.  

Upload the hash for the file into the policy

D.  

Send the file to Cisco Threat Grid for dynamic analysis

A.  

inbound

B.  

north-south

C.  

east-west

D.  

outbound

A.  

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.

B.  

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C.  

Environments deploy centrally managed host-based firewall rules on each server or container.

D.  

Environments implement private VLAN segmentation to group servers with similar applications.

A.  

per-interface stats

B.  

SNMP trap notification

C.  

Layer 2 device discovery

D.  

central syslog system

A.  

The hosts must run Cisco AsyncOS 10.0 or greater.

B.  

The hosts must run different versions of Cisco AsyncOS.

C.  

The hosts must have access to the same defined network.

D.  

The hosts must use a different datastore than the virtual appliance.

A.  

Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal.

B.  

Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal.

C.  

Send an API request to Cisco Cloudlock from Dropbox admin portal.

D.  

Add Cisco Cloudlock to the Dropbox admin portal.

A.  

Cisco FTD with Cisco ASDM

B.  

Cisco FTD with Cisco FMC

C.  

Cisco Firepower NGFW physical appliance with Cisco. FMC

D.  

Cisco Firepower NGFW Virtual appliance with Cisco FMC

A.  

signature-based endpoint protection on company endpoints

B.  

macro-based protection to keep connected endpoints safe

C.  

continuous monitoring of all files that are located on connected endpoints

D.  

email integration to protect endpoints from malicious content that is located in email

E.  

real-time feeds from global threat intelligence centers

A.  

TACACS+

B.  

CHAP

C.  

NTLMSSP

D.  

RADIUS

E.  

Kerberos

A.  

Cisco CTA

B.  

Cisco Stealthwatch

C.  

Cisco Encrypted Traffic Analytics

D.  

Cisco Umbrella

A.  

phishing attacks

B.  

flood attacks

C.  

virus attacks

D.  

trojan attacks

A.  

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.  

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.  

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.  

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

A.  

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

B.  

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

C.  

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

D.  

Encrypted RADIUS authentication requires the RADIUS source interface be defined

A.  

probes

B.  

posture assessment

C.  

Cisco AnyConnect Secure Mobility Client

D.  

Cisco pxGrid

A.  

It collects telemetry data from servers and then uses software sensors to analyze flow

information.

B.  

It collects policy compliance data and process details.

C.  

It collects enforcement data from servers and collects interpacket variation.

D.  

It collects near-real time data from servers and inventories the software packages that exist on

servers.

A.  

by specifying blocked domains in me policy settings

B.  

by specifying the websites in a custom blocked category

C.  

by adding the websites to a blocked type destination list

D.  

by adding the website IP addresses to the Cisco Umbrella blocklist

A.  

It is the password for the certificate that is needed to install it with.

B.  

It provides the server information so a certificate can be created and signed

C.  

It provides the certificate client information so the server can authenticate against it when installing

D.  

It is the certificate that will be loaded onto the server

A.  

Group Policy

B.  

Method

C.  

SAML Server

D.  

DHCP Servers

A.  

westbound AP

B.  

southbound API

C.  

northbound API

D.  

eastbound API

A.  

buffer overflow

B.  

DoS

C.  

SQL injection

D.  

phishing

A.  

ip dhcp snooping verify mac-address

B.  

ip dhcp snooping limit 41

C.  

ip dhcp snooping vlan 41

D.  

ip dhcp snooping trust

A.  

Cisco Cloudlock

B.  

Cisco Umbrella

C.  

Cisco AMP

D.  

Cisco App Dynamics

A.  

Encrypted Traffic Analytics

B.  

Threat Intelligence Director

C.  

Cognitive Threat Analytics

D.  

Cisco Talos Intelligence

A.  

It hashes files.

B.  

It creates one-time use passwords.

C.  

It encrypts traffic.

D.  

It generates private keys.

A.  

SDP

B.  

LDAP

C.  

subordinate CA

D.  

SCP

E.  

HTTP

A.  

key selection without integer factorization

B.  

utilization of different keys for encryption and decryption

C.  

utilization of large prime number iterations

D.  

provides the capability to only know the key on one side

E.  

utilization of less memory

A.  

Public managed

B.  

Service Provider managed

C.  

Enterprise managed

D.  

User managed

E.  

Hybrid managed

A.  

Internet proxy

B.  

firewalling virtual machines

C.  

CASB

D.  

hypervisor OS hardening

A.  

to register new laptops and mobile devices

B.  

to request a newly provisioned mobile device

C.  

to provision userless and agentless systems

D.  

to manage and deploy antivirus definitions and patches on systems owned by the end user

A.  

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B.  

The file is queued for upload when connectivity is restored.

C.  

The file upload is abandoned.

D.  

The ESA immediately makes another attempt to upload the file.

A.  

LDAP injection

B.  

man-in-the-middle

C.  

cross-site scripting

D.  

insecure API

A.  

Use outbreak filters from SenderBase

B.  

Enable a message tracking service

C.  

Configure a recipient access table

D.  

Deploy the Cisco ESA in the DMZ

E.  

Scan quarantined emails using AntiVirus signatures

A.  

It provides operating system patches on the endpoints for security.

B.  

It provides flow-based visibility for the endpoints network connections.

C.  

It enables behavioral analysis to be used for the endpoints.

D.  

It protects endpoint systems through application control and real-time scanning

A.  

AES-BAC

B.  

AES-ABC

C.  

HMAC-SHA1/SHA2

D.  

Triple AMC-CBC

E.  

AES-CBC

A.  

URLs

B.  

protocol IDs

C.  

IP addresses

D.  

MAC addresses

E.  

port numbers

A.  

LDAP authentication for Microsoft Outlook

B.  

POP3 authentication

C.  

SMTP relay server authentication

D.  

external user and relay mail authentication

A.  

when there is a need for traditional anti-malware detection

B.  

when there is no need to have the solution centrally managed

C.  

when there is no firewall on the network

D.  

when there is a need to have more advanced detection capabilities

A.  

Frontdoor

B.  

Rootkit

C.  

Smurf

D.  

Backdoor

E.  

Sync

A.  

weak passwords

B.  

lack of input validation

C.  

missing encryption

D.  

lack of file permission

A.  

configure manager add DONTRESOLVE kregistration key>

B.  

configure manager add 16

C.  

configure manager add DONTRESOLVE FTD123

D.  

configure manager add

A.  

Place the Cisco ISE server and the AD server in the same subnet

B.  

Configure a common administrator account

C.  

Configure a common DNS server

D.  

Synchronize the clocks of the Cisco ISE server and the AD server

A.  

a Network Discovery policy to receive data from the host

B.  

a Threat Intelligence policy to download the data from the host

C.  

a File Analysis policy to send file data into Cisco Firepower

D.  

a Network Analysis policy to receive NetFlow data from the host

A.  

misconfiguration of infrastructure, which allows unauthorized access

B.  

intermittent connection to the cloud connectors

C.  

vulnerabilities within protocol

D.  

insecure implementation of API

A.  

DMVPN supports tunnel encryption, whereas sVTI does not.

B.  

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.  

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.  

DMVPN provides interoperability with other vendors, whereas sVTI does not.

A.  

IKEv1

B.  

AH

C.  

ESP

D.  

IKEv2

A.  

weak passwords

B.  

lack of input validation

C.  

missing encryption

D.  

lack of file permission