
PDF Only

$35.00 Free Updates Up to 90 Days

  • 350-701 Dumps PDF
  • 630 Questions
  • Updated On May 13, 2024

PDF + Test Engine

$55.00 Free Updates Up to 90 Days

  • 350-701 Question Answers
  • 630 Questions
  • Updated On May 13, 2024

Test Engine

$45.00 Free Updates Up to 90 Days

  • 350-701 Practice Questions
  • 630 Questions
  • Updated On May 13, 2024
Check Our Free Cisco 350-701 Online Test Engine Demo.

How to pass Cisco 350-701 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Cisco 350-701 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Cisco 350-701 Dumps are Worth it?

Did we mention our latest 350-701 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Cisco Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get 350-701 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the 350-701 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!

Cisco 350-701 Exam Overview:

| Exam Component | Description |
| --- | --- |
| Exam Code | 350-701 |
| Exam Name | Implementing and Operating Cisco Security Core Technologies (SCOR) |
| Exam Cost | $400 USD |
| Total Time | 120 minutes (1 hour 30 minutes) |
| Available Languages | English |
| Passing Marks | Cisco does not publish the passing score for its exams. It is subject to change without notice. |
| Exam Provider | Cisco |

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Exam Topics Breakdown

| Domain | Weight (%) | Description |
| --- | --- | --- |
| Security Concepts | 20% | Describe Information Security Concepts as well as Confidentiality, Integrity, Availability, and Common Principles |
| Network Security | 20% | Implement Network Security Solutions, Secure Network Devices, Cloud, and Virtualization Technologies |
| Securing the Cloud Environment | 25% | Describe Cloud Security Concepts and the Application of Cloud Security Solutions |
| Content Security | 15% | Implement Content Security Solutions and Secure Internet Protocols |
| Endpoint Protection and Detection | 20% | Implement Endpoint Security Solutions and Secure Windows and MacOS Systems |

Cisco 350-701 Sample Question Answers

Question # 1

What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support? 

A. mobile device management 
B. mobile content management 
C. mobile application management 
D. mobile access management

Question # 2

Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)

A. flow-export event-type 
B. policy-map 
C. access-list 
D. flow-export template timeout-rate 15 
E. access-group 

Question # 3

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A. supports VMware vMotion on VMware ESXi 
B. requires an additional license 
C. performs transparent redirection 
D. supports SSL decryption

Question # 4

What is the most commonly used protocol for network telemetry?

A. SMTP 
B. SNMP 
C. TFTP 
D. NetFlow

Question # 5

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

A. Disable the proxy setting on the browser
B. Disable the HTTPS server and use HTTP instead
C. Use the Cisco FTD IP address as the proxy server setting on the browser 
D. Enable the HTTPS server for the device platform policy 

Question # 6

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client? 

A. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats. 
B. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity 
C. AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity. 
D. AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats. 

Question # 7

An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console? 

A. Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal. 
B. Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal.
C. Send an API request to Cisco Cloudlock from Dropbox admin portal.
D. Add Cisco Cloudlock to the Dropbox admin portal. 

Question # 8

Which API method and required attribute are used to add a device into Cisco DNA Center with the native API? 

A. GET and serialNumber
B. userSudiSerialNos and deviceInfo
C. POST and name 
D. lastSyncTime and pid 

Question # 9

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

A. an infection spreading across the network
B. a malware spreading across the user device 
C. an infection spreading across the LDAP or Active Directory domain from a user account 
D. a malware spreading across the LDAP or Active Directory domain from a user account

Question # 10

What are two benefits of using an MDM solution? (Choose two.)

A. grants administrators a way to remotely wipe a lost or stolen device 
B. provides simple and streamlined login experience for multiple applications and users 
C. native integration that helps secure applications across multiple cloud platforms or on-premises environments
D. encrypts data that is stored on endpoints 
E. allows for centralized management of endpoint device applications and configurations 

Question # 11

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data? 

A. It is included in the license cost for the multi-org console of Cisco Umbrella
B. It can grant third-party SIEM integrations write access to the S3 bucket
C. No other applications except Cisco Umbrella can write to the S3 bucket
D. Data can be stored offline for 30 days. 

Question # 12

Email security has become a high priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?

A. Defang
B. Quarantine
C. FilterAction
D. ScreenAction 

Question # 13

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack? 

A. Link Aggregation 
B. Reverse ARP 
C. private VLANs 
D. Dynamic ARP Inspection

Question # 14

Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

A. NTLMSSP
B. Kerberos
C. CHAP 
D. TACACS+ 
E. RADIUS 

Question # 15

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

A. Configure an advanced custom detection list. 
B. Configure an IP Block & Allow custom detection list 
C. Configure an application custom detection list 
D. Configure a simple custom detection list 

Question # 16

How does Cisco Workload Optimization portion of the network do EPP solutions solely performance issues?

A. It deploys an AWS Lambda system 
B. It automates resource resizing
C. It optimizes a flow path
D. It sets up a workload forensic score

Question # 17

Which Cisco Firewall solution requires zone definition? 

A. CBAC
B. Cisco AMP
C. ZBFW 
D. Cisco ASA 

Question # 18

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

A. api/v1/fie/config 
B. api/v1/onboarding/pnp-device/import 
C. api/v1/onboarding/pnp-device 
D. api/v1/onboarding/workflow 

Question # 19

Which capability is provided by application visibility and control?

A. reputation filtering
B. data obfuscation 
C. data encryption 
D. deep packet inspection 

Question # 20

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?

A. CDP 
B. NTP 
C. syslog 
D. DNS 

Question # 21

What is a benefit of using Cisco Umbrella?

A. DNS queries are resolved faster. 
B. Attacks can be mitigated before the application connection occurs. 
C. Files are scanned for viruses before they are allowed to run.
D. It prevents malicious inbound traffic.

Question # 22

Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)

A. It must include the current date. 
B. It must reside in the trusted store of the WSA. 
C. It must reside in the trusted store of the endpoint. 
D. It must have been signed by an internal CA. 
E. It must contain a SAN.

Question # 23

A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two.) 

A. Segment different departments to different IP blocks and enable Dynamic ARP Inspection on all VLANs
B. Ensure that noncompliant endpoints are segmented off to contain any potential damage.
C. Ensure that a user cannot enter the network of another department.
D. Perform a posture check to allow only network access to those Windows devices that are already patched.
E. Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW.

Question # 24

Refer to the exhibit. When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZ_inside zone once the configuration is deployed?

A. All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection 
B. No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not 
C. All traffic from any zone will be allowed to the DMZ_inside zone only after inspection 
D. No traffic will be allowed through to the DMZ_inside zone unless it's already trusted 

Question # 25

Email security has become a high priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?

A. Defang
B. Quarantine
C. FilterAction
D. ScreenAction 

Question # 26

What are two workload security models? (Choose two)

A. SaaS 
B. IaaS 
C. on-premises 
D. off-premises 
E. PaaS 

Question # 27

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)

A. posture assessment 
B. aaa authorization exec default local 
C. tacacs-server host 10.1.1.250 key password 
D. aaa server radius dynamic-author 
E. CoA

Question # 28

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

A. OpenC2
B. OpenIOC
C. CybOX 
D. STIX 

Question # 29

What is a characteristic of an EDR solution and not of an EPP solution?

A. stops all ransomware attacks 
B. retrospective analysis 
C. decrypts SSL traffic for better visibility 
D. performs signature-based detection 

Question # 30

What is the purpose of the Cisco Endpoint IoC feature?

A. It provides stealth threat prevention.
B. It is a signature-based engine.
C. It is an incident response tool.
D. It provides precompromise detection.

Question # 31

An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?

A. EAPOL 
B. SSH 
C. RADIUS 
D. TACACS+ 

Question # 32

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

A. AAA attributes 
B. CoA request 
C. AV pair 
D. carrier-grade NAT

Question # 33

How does Cisco AMP for Endpoints provide next-generation protection? 

A. It encrypts data on user endpoints to protect against ransomware. 
B. It leverages an endpoint protection platform and endpoint detection and response. 
C. It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers. 
D. It integrates with Cisco FTD devices. 

Question # 34

Refer to the exhibit. What is the result of using this authentication protocol in the configuration? 

A. The authentication request contains only a username. 
B. The authentication request contains only a password. 
C. There are separate authentication and authorization request packets. 
D. The authentication and authorization requests are grouped in a single packet. 

Question # 35

Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers? 

A. imports requests 
B. HTTP authorization 
C. HTTP authentication 
D. plays dent ID 

Question # 36

Which two capabilities does an MDM provide? (Choose two.)

A. delivery of network malware reports to an inbox in a schedule 
B. unified management of mobile devices, Macs, and PCs from a centralized dashboard 
C. enforcement of device security policies from a centralized dashboard 
D. manual identification and classification of client devices 
E. unified management of Android and Apple devices from a centralized dashboard 

Question # 37

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.) 

A. grants administrators a way to remotely wipe a lost or stolen device 
B. provides simple and streamlined login experience for multiple applications and users 
C. native integration that helps secure applications across multiple cloud platforms or on-premises environments
D. encrypts data that is stored on endpoints
E. allows for centralized management of endpoint device applications and configurations

Question # 38

Which security solution is used for posture assessment of the endpoints in a BYOD solution?

A. Cisco FTD 
B. Cisco ASA 
C. Cisco Umbrella 
D. Cisco ISE

Question # 39

Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?

A. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports. 
B. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.
C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports.
D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

Question # 40

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.) 

A. REST uses methods such as GET, PUT, POST, and DELETE. 
B. REST codes can be compiled with any programming language. 
C. REST is a Linux platform-based architecture. 
D. The POST action replaces existing data at the URL path. 
E. REST uses HTTP to send a request to a web service. 

Question # 41

Which command is used to log all events to a destination collector 209.165.201.107?

A. CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10 
B. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201. 
C. CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10 
D. CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10 

Question # 42

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

A. OpenC2
B. OpenIOC
C. CybOX 
D. STIX 

Question # 43

During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc425007536 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)

A. ip host vpn.sohoroutercompany.com
B. crypto isakmp identity hostname 
C. Add the dynamic keyword to the existing crypto map command 
D. fqdn vpn.sohoroutercompany.com 
E. ip name-server 

Question # 44

What is the process in DevSecOps where all changes in the central code repository are merged and synchronized?

A. CD 
B. EP 
C. CI 
D. QA 

Question # 45

Which algorithm is an NGE hash function?

A. HMAC 
B. SHA-1 
C. MD5 
D. SHA-2

Question # 46

Which function is performed by certificate authorities but is a limitation of registration authorities?

A. accepts enrollment requests 
B. certificate re-enrollment 
C. verifying user identity 
D. CRL publishing 

Question # 47

What is the purpose of a NetFlow version 9 template record?

A. It specifies the data format of NetFlow processes. 
B. It provides a standardized set of information about an IP flow. 
C. It defines the format of data records.
D. It serves as a unique identification number to distinguish individual data records

Question # 48

What is the term for the concept of limiting communication between applications or containers on the same node?

A. container orchestration 
B. software-defined access 
C. microservicing 
D. microsegmentation 

Question # 49

Which Cisco security solution stops exfiltration using HTTPS?

A. Cisco FTD 
B. Cisco AnyConnect 
C. Cisco CTA 
D. Cisco ASA 

Question # 50

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.)

A. using Cisco Umbrella
B. using Cisco ESA
C. using Cisco FTD 
D. using an inline IPS/IDS in the network 
E. using Cisco ISE 

Question # 51

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing a file named abc424952615.exe without quarantining that file. What type of Outbreak Control list must the SHA-256 hash value for the file be added to in order to accomplish this?

A. Advanced Custom Detection 
B. Blocked Application 
C. Isolation 
D. Simple Custom Detection 

Question # 52

Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?

A. Cisco DNA Center
B. Cisco SDN
C. Cisco ISE
D. Cisco Security Compliance Solution

Question # 53

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls? 

A. NTP 
B. syslog 
C. SNMP 
D. NetFlow

Question # 54

An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?

A. sticky
B. static
C. aging
D. maximum

Question # 55

What is a function of Cisco AMP for Endpoints? 

A. It detects DNS attacks 
B. It protects against web-based attacks 
C. It blocks email-based attacks 
D. It automates threat responses of an infected host 

Question # 56

Which feature requires that network telemetry be enabled?

A. per-interface stats
B. SNMP trap notification
C. Layer 2 device discovery 
D. central syslog system 

Question # 57

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A. ntp server 192.168.1.110 primary key 1 
B. ntp peer 192.168.1.110 prefer key 1 
C. ntp server 192.168.1.110 key 1 prefer 
D. ntp peer 192.168.1.110 key 1 primary

Question # 58

DoS attacks are categorized as what?

A. phishing attacks
B. flood attacks 
C. virus attacks 
D. trojan attacks

Question # 59

Which ESA implementation method segregates inbound and outbound email?

A. one listener on a single physical interface
B. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address
C. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces
D. one listener on one logical IPv4 address on a single logical interface 

Question # 60

DoS attacks are categorized as what?

A. phishing attacks 
B. flood attacks 
C. virus attacks 
D. trojan attacks 

Question # 61

Which feature does the IaaS model provide?

A. granular control of data
B. dedicated, restricted workstations
C. automatic updates and patching of software
D. software-defined network segmentation

Question # 62

Which threat intelligence standard contains malware hashes?

A. structured threat information expression 
B. advanced persistent threat 
C. trusted automated exchange of indicator information
D. open command and control

Question # 63

An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?

A. Define MAC-to-IP address mappings in the switch to ensure that rogue devices cannot get an IP address
B. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE 
C. Modify the DHCP relay and point the IP address to Cisco ISE. 
D. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces 

Question # 64

An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?

A. Summarized server-name information and MD5-hashed path information
B. complete URL, without obfuscating the path segments
C. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect 
D. none because SensorBase Network Participation is disabled by default 

Question # 65

What is a benefit of using GET VPN over FlexVPN within a VPN deployment? 

A. GET VPN supports Remote Access VPNs 
B. GET VPN natively supports MPLS and private IP networks 
C. GET VPN uses multiple security associations for connections 
D. GET VPN interoperates with non-Cisco devices

Question # 66

Why should organizations migrate to a multifactor authentication strategy? 

A. Multifactor authentication methods of authentication are never compromised 
B. Biometrics authentication leads to the need for multifactor authentication due to its ability to be hacked easily 
C. Multifactor authentication does not require any piece of evidence for an authentication mechanism 
D. Single methods of authentication can be compromised more easily than multifactor authentication 

Question # 67

Which API method and required attribute are used to add a device into DNAC with the native API?

A. lastSyncTime and pid 
B. POST and name 
C. userSudiSerialNos and deviceInfo
D. GET and serialNumber 

Question # 68

What is the difference between EPP and EDR?

A. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment. 
B. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. 
C. EDR focuses solely on prevention at the perimeter. 
D. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior. 

Question # 69

What is a benefit of flexible NetFlow records?

A. They are used for security 
B. They are used for accounting 
C. They monitor a packet from Layer 2 to Layer 5 
D. They have customized traffic identification 

Question # 70

Which feature must be configured before implementing NetFlow on a router? 

A. SNMPv3 
B. syslog 
C. VRF
D. IP routing

Question # 71

A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal, and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems show that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise. What must be performed to ensure detection of the malicious file?

A. Upload the malicious file to the Blocked Application Control List 
B. Use an Advanced Custom Detection List instead of a Simple Custom Detection List 
C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis 
D. Upload the SHA-256 hash for the file to the Simple Custom Detection List

Question # 72

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

A. Configure the default policy to redirect the requests to the correct policy 
B. Place the policy with the most-specific configuration last in the policy order 
C. Configure only the policy with the most recently changed timestamp 
D. Make the correct policy first in the policy order 

Question # 73

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

A. IaC 
B. SaaS 
C. IaaS 
D. PaaS 

Question # 74

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

A. IaC 
B. SaaS 
C. IaaS 
D. PaaS 

Question # 75

What is the concept of CI/CD pipelining?

A. The project is split into several phases where one phase cannot start before the previous phase finishes successfully. 
B. The project code is centrally maintained and each code change should trigger an automated build and test sequence 
C. The project is split into time-limited cycles and focuses on pair programming for continuous code review 
D. Each project phase is independent from other phases to maintain adaptiveness and continual improvement 

Question # 76

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization? 

A. Cisco FMC 
B. CSM 
C. Cisco FDM 
D. CDO 

Question # 77

Which solution allows an administrator to provision, monitor, and secure mobile devices on Windows and Mac computers from a centralized dashboard? 

A. Cisco Umbrella 
B. Cisco AMP for Endpoints 
C. Cisco ISE 
D. Cisco Stealthwatch

Question # 78

An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration. Which solution best meets these requirements?

A. Cisco CloudLock
B. Cisco AppDynamics Cloud Monitoring
C. Cisco Umbrella
D. Cisco Stealthwatch

Question # 79

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A. Cisco Cloud Orchestrator
B. Cisco ASAV
C. Cisco WSAV
D. Cisco Stealthwatch Cloud

Question # 80

An engineer needs to detect and quarantine a file named abc424400664.zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints. The configured detection method must work on files of unknown disposition. Which Outbreak Control list must be configured to provide this?

A. Blocked Application 
B. Simple Custom Detection 
C. Advanced Custom Detection 
D. Android Custom Detection 

Question # 81

What are two functions of IKEv1 but not IKEv2? (Choose two) 

A. NAT-T is supported in IKEv1 but not in IKEv2.
B. With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext 
C. With IKEv1, aggressive mode negotiates faster than main mode
D. IKEv1 uses EAP authentication 
E. IKEv1 conversations are initiated by the IKE_SA_INIT message 

Question # 82

What is the most common type of data exfiltration that organizations currently experience?

A. HTTPS file upload site 
B. Microsoft Windows network shares 
C. SQL database injections 
D. encrypted SMTP 

Question # 83

For a given policy in Cisco Umbrella, how should a customer block a website based on a custom list?

A. by specifying blocked domains in the policy settings
B. by specifying the websites in a custom blocked category 
C. by adding the websites to a blocked type destination list 
D. by adding the website IP addresses to the Cisco Umbrella blocklist 

Question # 84

Which Cisco ISE feature helps to detect missing patches and helps with remediation?

A. posture assessment 
B. profiling policy 
C. authentication policy 
D. enabling probes 

Question # 85

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

A. It blocks the request. 
B. It applies the global policy. 
C. It applies the next identification profile policy. 
D. It applies the advanced policy. 

Question # 86

Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises?

A. hybrid cloud 
B. private cloud 
C. public cloud 
D. community cloud 

Question # 87

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?

A. Cisco ISE 
B. Cisco NAC 
C. Cisco TACACS+ 
D. Cisco WSA 

Question # 88

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue? 

A. Disable the proxy setting on the browser 
B. Disable the HTTPS server and use HTTP instead 
C. Use the Cisco FTD IP address as the proxy server setting on the browser 
D. Enable the HTTPS server for the device platform policy

Question # 89

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A. VMware APIC 
B. VMware vRealize
C. VMware fusion 
D. VMware horizons 

Question # 90

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

A. MDA on the router 
B. PBR on Cisco WSA 
C. WCCP on switch 
D. DNS resolution on Cisco WSA 

Question # 91

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

A. RADIUS communication must be permitted between the ISE server and the domain controller.
B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations. 
C. Active Directory only supports user authentication by using MSCHAPv2.
D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.

Question # 92

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?

A. deployment  
B. consumption  
C. authoring  
D. sharing  

Question # 93

Why is it important to have a patching strategy for endpoints? 

A. to take advantage of new features released with patches  
B. so that functionality is increased on a faster scale when it is used  
D. so that patching strategies can assist with disabling nonsecure protocols in applications  

Question # 94

How does the Cisco WSA enforce bandwidth restrictions for web applications?

A. It implements a policy route to redirect application traffic to a lower-bandwidth link.  
B. It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA. 
C. It sends commands to the uplink router to apply traffic policing to the application traffic. 
D. It simulates a slower link by introducing latency into application traffic. 

Question # 95

What is a description of microsegmentation?

A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate
C. Environments deploy centrally managed host-based firewall rules on each server or container. 
D. Environments implement private VLAN segmentation to group servers with similar applications.

Question # 96

Refer to the exhibit. What does the API key do while working with https://api.amp.cisco.com/v1/computers?

A. displays client ID
B. HTTP authorization
C. Imports requests  
D. HTTP authentication  

Question # 97

An engineer is configuring their router to send NetFlow data to Stealthwatch, which has an IP address of 1.1.1.1, using the flow record Stealthwatch406397954 command. Which additional command is required to complete the flow record?

A. transport udp 2055  
B. match ipv4 ttl  
C. cache timeout active 60  
D. destination 1.1.1.1  

Question # 98

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?

B. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect
C. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

Question # 99

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest  
B. limited Internet  
D. full Internet  

Question # 100

Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering? 

A. filters  
B. group key  
C. company key  
D. connector  

Question # 101

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A. Audit
B. Mandatory
C. Optional
D. Visibility  

Question # 102

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A. CoA-NCL  
B. CoA-NAK  
C. -  
D. CoA-ACK  

Question # 103

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)

A. Cisco Umbrella  
B. Cisco ISE  
C. Cisco DNA Center  
D. Cisco TrustSec  
E. Cisco Duo Security  

Question # 104

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

A. The hosts must run Cisco AsyncOS 10.0 or greater.  
B. The hosts must run different versions of Cisco AsyncOS.  
C. The hosts must have access to the same defined network.  
D. The hosts must use a different datastore than the virtual appliance.  

Question # 105

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?

A. 3  
B. 5  
C. 10  
D. 1  

Question # 106

Which system performs compliance checks and remote wiping? 

A. MDM  
B. ISE  
C. AMP  
D. OTP  

Question # 107

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A. Cisco Tetration  
B. Cisco ISE
C. Cisco AMP for Network  
D. Cisco AnyConnect  

Question # 108

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A. Cisco Tetration  
B. Cisco ISE
C. Cisco AMP for Network  
D. Cisco AnyConnect  

Question # 109

Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?

A. RADIUS-based REAP  
B. fingerprinting  
C. Dynamic ARP Inspection  
D. multifactor authentication

Question # 110

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A. Cisco Advanced Malware Protection  
B. Cisco Stealthwatch  
C. Cisco Identity Services Engine  
D. Cisco AnyConnect  

Question # 111

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?

A. service password-encryption  
B. username privilege 15 password 
C. service password-recovery  
D. username <username> <password>

Question # 112

What is a feature of container orchestration?

A. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane  
B. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane  
C. ability to deploy Kubernetes clusters in air-gapped sites  
D. automated daily updates  

Question # 113

Which security solution protects users leveraging DNS-layer security?

A. Cisco ISE  
B. Cisco FTD  
C. Cisco Umbrella  
D. Cisco ASA  

Question # 114

Which type of encryption uses a public key and private key?

A. Asymmetric  
B. Symmetric  
C. Linear  
D. Nonlinear  

Question # 115

What is an advantage of the Cisco Umbrella roaming client?

A. the ability to see all traffic without requiring TLS decryption  
B. visibility into IP-based threats by tunneling suspicious IP connections  
C. the ability to dynamically categorize traffic to previously uncategorized sites  
D. visibility into traffic that is destined to sites within the office environment  

Question # 116

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements? 

A. Implement pre-filter policies for the CIP preprocessor  
B. Enable traffic analysis in the Cisco FTD
C. Configure intrusion rules for the DNP3 preprocessor
D. Modify the access control policy to trust the industrial traffic

Question # 117

Which attribute has the ability to change during the RADIUS CoA?

A. NTP  
B. Authorization  
C. Accessibility  
D. Membership  

Question # 118

What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)

A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.
B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default. 
D. The WSA hosts PAC files on port 6001 by default. 
E. By default, they direct traffic through a proxy when the PC and the host are on the same subnet. 

Question # 119

When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.)

A. signature-based endpoint protection on company endpoints  
B. macro-based protection to keep connected endpoints safe  
C. continuous monitoring of all files that are located on connected endpoints  
D. email integration to protect endpoints from malicious content that is located in email  
E. real-time feeds from global threat intelligence centers  

Question # 120

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A. The engineer is attempting to upload a hash created using MD5 instead of SHA-256  
B. The file being uploaded is incompatible with simple detections and must use advanced detections
C. The hash being uploaded is part of a set in an incorrect format  
D. The engineer is attempting to upload a file instead of a hash  

Question # 121

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network? 

A. routed mode  
B. transparent mode  
C. single context mode  
D. multiple context mode  

Question # 122

What is a difference between an XSS attack and an SQL injection attack?

A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications 
B. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications 
C. SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them
D. XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them

Question # 123

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A. Cisco Endpoint Security Analytics  
B. Cisco AMP for Endpoints  
C. Endpoint Compliance Scanner  
D. Security Posture Assessment Service  

Question # 124

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

A. Cisco Content Platform  
B. Cisco Container Controller  
C. Cisco Container Platform  
D. Cisco Cloud Platform  

Question # 125

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?

A. Change the default policy in Cisco ISE to allow all devices not using machine authentication.
B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration.  
C. Configure authentication event fail retry 2 action authorize vlan 41 on the interface  
D. Add mab to the interface configuration.

Question # 126

A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A. Cisco NGFW  
B. Cisco AnyConnect  
C. Cisco AMP for Endpoints  
D. Cisco Duo