• Home
  • Articles
  • Pass Your 350-701 Dumps as PDF Updated on 2024 With 607 Questions [Q108-Q133]

Pass Your 350-701 Dumps as PDF Updated on 2024 With 607 Questions [Q108-Q133]

Share

Pass Your 350-701 Dumps as PDF Updated on 2024 With 607 Questions

Cisco 350-701 Real Exam Questions and Answers FREE


Cisco 350-701 certification exam, also known as Implementing and Operating Cisco Security Core Technologies, is a highly sought-after qualification in the field of networking and security. 350-701 exam tests the candidate’s knowledge and skills in implementing and operating core security technologies, such as network security, cloud security, endpoint protection, secure network access, visibility, and enforcement.

 

NEW QUESTION # 108
What is a characteristic of Firepower NGIPS inline deployment mode?

  • A. It cannot take actions such as blocking traffic.
  • B. ASA with Firepower module cannot be deployed.
  • C. It is out-of-band from traffic.
  • D. it must have inline interface pairs configured.

Answer: D


NEW QUESTION # 109
Refer to the exhibit.

Which command was used to display this output?

  • A. show dot1x
  • B. show dot1x all
  • C. show dot1x interface gi1/0/12
  • D. show dot1x all summary

Answer: B


NEW QUESTION # 110
Which type of dashboard does Cisco DNA Center provide for complete control of the network?

  • A. service management
  • B. centralized management
  • C. application management
  • D. distributed management

Answer: B

Explanation:
Cisco's DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.


NEW QUESTION # 111
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

  • A. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud
  • B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud
  • C. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud
  • D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud You can also monitor on-premises networks in your organizations using Cisco Stealthwatch Cloud. In order to do so, you need to deploy at least one Cisco Stealthwatch Cloud Sensor appliance (virtual or physical appliance).

Answer: D


NEW QUESTION # 112
What is a commonality between DMVPN and FlexVPN technologies?

  • A. IOS routers run the same NHRP code for DMVPN and FlexVPN
  • B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
  • C. FlexVPN and DMVPN use the new key management protocol
  • D. FlexVPN and DMVPN use the same hashing algorithms

Answer: A

Explanation:
Explanation In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies. Reference: https://packetpushers.net/cisco-flexvpn-dmvpn-high-level-design/ In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.
Explanation In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies. Reference: https://packetpushers.net/cisco-flexvpn-dmvpn-high-level-design/


NEW QUESTION # 113
What is an advantage of the Cisco Umbrella roaming client?

  • A. the ability to dynamically categorize traffic to previously uncategorized sites
  • B. visibility into IP-based threats by tunneling suspicious IP connections
  • C. visibility into traffic that is destined to sites within the office environment
  • D. the ability to see all traffic without requiring TLS decryption

Answer: A


NEW QUESTION # 114
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

  • A. middleware
  • B. virtualization
  • C. applications
  • D. data
  • E. operating systems

Answer: C,D

Explanation:
Customers must manage applications and data in PaaS.


NEW QUESTION # 115
Which two Cisco ISE components must be configured for BYOD? (Choose two.)

  • A. guest
  • B. local WebAuth
  • C. null WebAuth
  • D. central WebAuth
  • E. dual

Answer: A,D


NEW QUESTION # 116
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Answer:

Explanation:


NEW QUESTION # 117
In which cloud services model is the tenant responsible for virtual machine OS patching?

  • A. IaaS
  • B. SaaS
  • C. PaaS
  • D. UCaaS

Answer: A


NEW QUESTION # 118
What is managed by Cisco Security Manager?

  • A. Cisco WSA
  • B. Cisco ESA
  • C. Cisco ASA
  • D. Cisco WLC

Answer: C

Explanation:
https://www.cisco.com/c/en/us/products/collateral/security/security-manager/datasheet-C78-737182.html


NEW QUESTION # 119
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

  • A. DEVNET
  • B. Talos
  • C. PSIRT
  • D. CSIRT

Answer: B

Explanation:
Reference:
https://talosintelligence.com/


NEW QUESTION # 120
What is a commonality between DMVPN and FlexVPN technologies?

  • A. IOS routers run the same NHRP code for DMVPN and FlexVPN
  • B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
  • C. FlexVPN and DMVPN use the new key management protocol
  • D. FlexVPN and DMVPN use the same hashing algorithms

Answer: A

Explanation:
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.
Reference:
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.


NEW QUESTION # 121
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

  • A. aaa new-model
  • B. auth-type all
  • C. ip device-tracking
  • D. aaa server radius dynamic-author

Answer: A


NEW QUESTION # 122
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

  • A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
  • B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
  • C. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.
  • D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
  • E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

Answer: D,E


NEW QUESTION # 123
Drag and drop the common security threats from the left onto the definitions on the right.

Answer:

Explanation:


NEW QUESTION # 124
What is a benefit of using Cisco FMC over Cisco ASDM?

  • A. Cisco FMC provides centralized management while Cisco ASDM does not.
  • B. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
  • C. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices
  • D. Cisco FMC uses Java while Cisco ASDM uses HTML5.

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html


NEW QUESTION # 125
Which system performs compliance checks and remote wiping?

  • A. ISE
  • B. OTP
  • C. MDM
  • D. AMP

Answer: C


NEW QUESTION # 126
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

  • A. CASB
  • B. Adaptive MFA
  • C. SIEM
  • D. Cisco Cloudlock

Answer: D

Explanation:
+ Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy.
+ Cloudlock is API-based.
+ Incidents are a key resource in the Cisco Cloudlock application. They are triggered by the Cloudlock policy engine when a policy detection criteria result in a match in an object (document, field, folder, post, or file).
Reference:
Note:
+ Security information and event management (SIEM) platforms collect log and event data from security systems, networks and computers, and turn it into actionable security insights.
+ An incident is a record of the triggering of an alerting policy. Cloud Monitoring opens an incident when a condition of an alerting policy has been met.


NEW QUESTION # 127
What is the purpose of the certificate signing request when adding a new certificate for a server?

  • A. It provides the server information so a certificate can be created and signed
  • B. It provides the certificate client information so the server can authenticate against it when installing
  • C. It is the certificate that will be loaded onto the server
  • D. It is the password for the certificate that is needed to install it with.

Answer: A

Explanation:
Explanation
Explanation
A certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) that the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key


NEW QUESTION # 128
How is DNS tunneling used to exfiltrate data out of a corporate network?

  • A. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
  • B. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.
  • C. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
  • D. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

Answer: D

Explanation:
Explanation
Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.
An example of DNS Tunneling is shown below:

The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNS nameserver (NS) and malicious payload.
2. An IP address (e.g. 1.2.3.4) is allocated from the attacker's infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.4
3. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,...).
4. The payload initiates thousands of unique DNS record requests to the attacker's domain with each string as a part of the domain name (e.g. 3KJ242AIE9.attackerdomain.com). Depending on the attacker's patience and stealth, requests can be spaced out over days or months to avoid suspicious network activity. 5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver, 6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data. Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0
5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver,
6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data.
a part of the domain name (e.g. 3KJ242AIE9.attackerdomain.com). Depending on the attacker's patience and stealth, requests can be spaced out over days or months to avoid suspicious network activity. 5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver, 6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data. Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0


NEW QUESTION # 129
Which action controls the amount of URI text that is stored in Cisco WSA logs files?

  • A. Configure a maximum packet size.
  • B. Configure the advancedproxyconfig command with the HTTPS subcommand
  • C. Configure a small log-entry size.
  • D. Configure the datasecurityconfig command

Answer: B


NEW QUESTION # 130
Which algorithm provides encryption and authentication for data plane communication?

  • A. AES-GCM
  • B. SHA-384
  • C. SHA-96
  • D. AES-256

Answer: A

Explanation:
The data plane of any network is responsible for handling data packets that are transported across the network.
(The data plane is also sometimes called the forwarding plane.)
Maybe this Qwants to ask about the encryption and authentication in the data plane of a SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?).
In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetrickey algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.
The data plane of any network is responsible for handling data packets that are transported across the network.
(The data plane is also sometimes called the forwarding plane.)
Maybe this Qwants to ask about the encryption and authentication in the data plane of a SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?).
In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetrickey algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.
Reference:
The data plane of any network is responsible for handling data packets that are transported across the network.
(The data plane is also sometimes called the forwarding plane.)
Maybe this Qwants to ask about the encryption and authentication in the data plane of a SD-WAN network (but SD-WAN is not a topic of the SCOR 350-701 exam?).
In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetrickey algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates.


NEW QUESTION # 131
What is a difference between GETVPN and iPsec?

  • A. GETVPN is based on IKEv2 and does not support IKEv1.
  • B. GETVPN provides key management and security association management.
  • C. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.
  • D. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Answer: A


NEW QUESTION # 132
Which feature requires that network telemetry be enabled?

  • A. central syslog system
  • B. SNMP trap notification
  • C. per-interface stats
  • D. Layer 2 device discovery

Answer: A


NEW QUESTION # 133
......

Pass Cisco 350-701 Exam Info and Free Practice Test: https://exams4sure.pass4sures.top/CCNPSecurity/350-701-testking-braindumps.html

Related Articles

more
Cisco 350-701 Certification Practice Exam