The Secret Of Cisco 350-701 Test Preparation

NEW QUESTION 1
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

• A. RADIUS
• B. TACACS+
• C. DHCP
• D. sFlow
• E. SMTP

Answer: AC

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

NEW QUESTION 2
Which algorithm provides encryption and authentication for data plane communication?

• A. AES-GCM
• B. SHA-96
• C. AES-256
• D. SHA-384

Answer: A

NEW QUESTION 3
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

• A. transparent
• B. redirection
• C. forward
• D. proxy gateway

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

NEW QUESTION 4
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

• A. security intelligence
• B. impact flags
• C. health monitoring
• D. URL filtering

Answer: A

NEW QUESTION 5
In a PaaS model, which layer is the tenant responsible for maintaining and patching?

• A. hypervisor
• B. virtual machine
• C. network
• D. application

Answer: D

Explanation:
Reference: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-how-to-choose/

NEW QUESTION 6
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)

• A. DDoS
• B. antispam
• C. antivirus
• D. encryption
• E. DLP

Answer: DE

Explanation:
Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/ces/overview_guide/Cisco_Cloud_Hybrid_Email_Security_Overview_Guide.pdf

NEW QUESTION 7
Which information is required when adding a device to Firepower Management Center?

• A. username and password
• B. encryption method
• C. device serial number
• D. registration key

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Device_Management_Basics.html#ID-2242-0000069d

NEW QUESTION 8
Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

• A. The authentication request contains only a password
• B. The authentication request contains only a username
• C. The authentication and authorization requests are grouped in a single packet.
• D. There are separate authentication and authorization request packets.

Answer: C

NEW QUESTION 9
Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

• A. show authentication registrations
• B. show authentication method
• C. show dot1x all
• D. show authentication sessions

Answer: B

NEW QUESTION 10
Which two behavioral patterns characterize a ping of death attack? (Choose two.)

• A. The attack is fragmented into groups of 16 octets before transmission.
• B. The attack is fragmented into groups of 8 octets before transmission.
• C. Short synchronized bursts of traffic are used to disrupt TCP connections.
• D. Malformed packets are used to crash systems.
• E. Publicly accessible DNS servers are typically used to execute the attack.

Answer: BD

Explanation:
Reference: https://en.wikipedia.org/wiki/Ping_of_death

NEW QUESTION 11
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

• A. RSA SecureID
• B. Internal Database
• C. Active Directory
• D. LDAP

Answer: C

NEW QUESTION 12
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

• A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
• B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
• C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
• D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
• E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

Answer: BC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html

NEW QUESTION 13
Which feature is supported when deploying Cisco ASAv within AWS public cloud?

• A. multiple context mode
• B. user deployment of Layer 3 networks
• C. IPv6
• D. clustering

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96-qsg/asav-aws.html

NEW QUESTION 14
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)

• A. biometric factor
• B. time factor
• C. confidentiality factor
• D. knowledge factor
• E. encryption factor

Answer: AD

NEW QUESTION 15
Why would a user choose an on-premises ESA versus the CES solution?

• A. Sensitive data must remain onsite.
• B. Demand is unpredictable.
• C. The server team wants to outsource this service.
• D. ESA is deployed inline.

Answer: A

NEW QUESTION 16
Where are individual sites specified to be blacklisted in Cisco Umbrella?

• A. application settings
• B. content categories
• C. security settings
• D. destination lists

Answer: D

NEW QUESTION 17
DRAG DROP
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18
Which deployment model is the most secure when considering risks to cloud adoption?

• A. public cloud
• B. hybrid cloud
• C. community cloud
• D. private cloud

Answer: D

NEW QUESTION 19
Which command enables 802.1X globally on a Cisco switch?

• A. dot1x system-auth-control
• B. dot1x pae authenticator
• C. authentication port-control auto
• D. aaa new-model

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/802_1x_commands.html

NEW QUESTION 20
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

• A. PaaS
• B. XaaS
• C. IaaS
• D. SaaS

Answer: A

NEW QUESTION 21
Refer to the exhibit.

What does the number 15 represent in this configuration?

• A. privilege level for an authorized user to this router
• B. access list that identifies the SNMP devices that can access the router
• C. interval in seconds between SNMPv3 authentication attempts
• D. number of possible failed attempts until the SNMPv3 user is locked out

Answer: B

NEW QUESTION 22
What provides visibility and awareness into what is currently occurring on the network?

• A. CMX
• B. WMI
• C. Prime Infrastructure
• D. Telemetry

Answer: C

NEW QUESTION 23
What is the difference between deceptive phishing and spear phishing?

• A. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
• B. A spear phishing campaign is aimed at a specific person versus a group of people.
• C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
• D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Answer: B

NEW QUESTION 24
......