Verified 350-701 Dumps Q&As - 350-701 Test Engine with Correct Answers [Q218-Q239]

Share

Verified 350-701 Dumps Q&As - 350-701 Test Engine with Correct Answers

Pass Your 350-701 Dumps as PDF Updated on 2023 With 607 Questions

NEW QUESTION # 218
Drag and drop the descriptions from the left onto the encryption algorithms on the right.

Answer:

Explanation:


NEW QUESTION # 219
DRAG DROP
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place:

Answer:

Explanation:

Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/detecting_specific_threats.html


NEW QUESTION # 220
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

  • A. deliver and send copies to other recipients
  • B. quarantine and alter the subject header with a DLP violation
  • C. quarantine and send a DLP violation notification
  • D. deliver and add disclaimer text

Answer: B


NEW QUESTION # 221
Drag and drop the VPN functions from the left onto the description on the right.

Answer:

Explanation:


NEW QUESTION # 222
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

  • A. Orchestration
  • B. Container
  • C. Security
  • D. CI/CD pipeline

Answer: D

Explanation:
Unlike the traditional software life cycle, the CI/CD implementation process gives a weekly or daily update instead of monthly or quarterly. The fun part is customers won't even realize the update is in their applications, as they happen on the fly.


NEW QUESTION # 223
How does Cisco Advanced Phishing Protection protect users?

  • A. It determines which identities are perceived by the sender
  • B. It uses machine learning and real-time behavior analytics.
  • C. It utilizes sensors that send messages securely.
  • D. It validates the sender by using DKIM.

Answer: B

Explanation:
Cisco Advanced Phishing Protection provides sender authentication and BEC detection capabilities. It uses advanced machine learning techniques, real-time behavior analytics, relationship modeling, and telemetry to protect against identity deception-based threats.


NEW QUESTION # 224
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Answer:

Explanation:

https://www.cisco.com/c/en/us/products/collateral/security/ngips/datasheet-c78-742472.html
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html


NEW QUESTION # 225
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

  • A. storm control
  • B. Bridge Protocol Data Unit guard
  • C. access control lists
  • D. embedded event monitoring

Answer: A

Explanation:
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
By using the "storm-control broadcast level [falling-threshold]" we can limit the broadcast traffic on the switch.


NEW QUESTION # 226
What is a characteristic of a bridge group in ASA Firewall transparent mode?

  • A. It is a Layer 3 segment and includes one port and customizable access rules
  • B. It includes multiple interfaces and access rules between interfaces are customizable
  • C. It allows ARP traffic with a single access rule
  • D. It has an IP address on its BVI interface and is used for management traffic

Answer: B

Explanation:
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.
You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.
You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.
You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.
Reference:
Note: BVI interface is not used for management purpose. But we can add a separate Management slot/port interface that is not part of any bridge group, and that allows only management traffic to the ASA.
Note: BVI interface is not used for management purpose. But we can add a separate Management slot/port interface that is not part of any bridge group, and that allows only management traffic to the ASA.


NEW QUESTION # 227
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?

  • A. Generate the RSA key using the crypto key generate rsa command.
  • B. Configure the port using the ip ssh port 22 command.
  • C. Disable telnet using the no ip telnet command.
  • D. Enable the SSH server using the ip ssh server command.

Answer: A

Explanation:
Explanation
https://learningnetwork.cisco.com/s/question/0D53i00000KsrhK/rsa-key


NEW QUESTION # 228
Drag and drop the descriptions from the left onto the encryption algorithms on the right.

Answer:

Explanation:


NEW QUESTION # 229
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

  • A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
  • B. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
  • C. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.
  • D. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
  • E. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Answer: A,E


NEW QUESTION # 230
Which compliance status is shown when a configured posture policy requirement is not met?

  • A. noncompliant
  • B. compliant
  • C. authorized
  • D. unknown

Answer: A


NEW QUESTION # 231
What features does Cisco FTDv provide over ASAv?

  • A. Cisco FTDv runs on AWS while Cisco ASAV does not.
  • B. Cisco FTDv runs on VMWare while Cisco ASAv does not.
  • C. Cisco FTDv provides IGB of firewall throughput while Cisco ASAv does not.
  • D. Cisco FTDv supports URL filtering while ASAV does not.

Answer: D


NEW QUESTION # 232
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

  • A. Endpoint Compliance Scanner
  • B. Cisco AMP for Endpoints
  • C. Cisco Endpoint Security Analytics
  • D. Security Posture Assessment Service

Answer: D


NEW QUESTION # 233
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

  • A. Accounting Reports
  • B. Context Visibility
  • C. Adaptive Network Control Policy List
  • D. RADIUS Live Logs

Answer: D

Explanation:
How To Troubleshoot ISE Failed Authentications & Authorizations
Check the ISE Live Logs
Login to the primary ISE Policy Administration Node (PAN).
Go to Operations > RADIUS > Live Logs
(Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications Check for Any Failed Authentication Attempts in the Log


NEW QUESTION # 234
Refer to the exhibit.

What will occur when this device tries to connect to the port?

  • A. 802 1X and MAB will both be used and ISE can use policy to determine the access level
  • B. 802.1X will not work and the device will not be allowed network access
  • C. 802.1X will not work, but MAB will start and allow the device on the network.
  • D. 802 1X will work and the device will be allowed on the network

Answer: B


NEW QUESTION # 235
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

  • A. authentication server: Cisco Identity Service Engine
  • B. authenticator: Cisco Catalyst switch
  • C. authentication server: Cisco Prime Infrastructure
  • D. authenticator: Cisco Identity Services Engine
  • E. supplicant: Cisco AnyConnect ISE Posture module

Answer: A,B


NEW QUESTION # 236
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

  • A. VPC flow logs
  • B. NetFlow
  • C. mirror port
  • D. Flow

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/q-and-a-c67-737402.html


NEW QUESTION # 237
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Answer:

Explanation:


NEW QUESTION # 238
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?

  • A. Configure the trackingconfig command to enable message tracking.
  • B. Perform a trace.
  • C. Review the log files.
  • D. Generate a system report.

Answer: A


NEW QUESTION # 239
......

Pass Cisco 350-701 Exam Info and Free Practice Test: https://www.preppdf.com/Cisco/350-701-prepaway-exam-dumps.html

Cisco 350-701 Real Exam Questions and Answers FREE: https://drive.google.com/open?id=1ofh3UFRoel0-q3pYFqSU_IINXDLST_vm