Cisco 350-701 SCOR Free Questions – New CCNP and CCIE Security Core

The Implementing and Operating Cisco Security Core Technologies v1.0 (SCOR 350-701) exam is a 120-minute exam associated with the CCNP Security, Cisco Certified Specialist – Security Core, and CCIE Security certifications.350-701 exam tests a candidate’s knowledge of implementing and operating core security technologies including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and enforcements.

If you are going to prepare for your 350-701 SCOR exam, PassQuestion new released 350-701 SCOR exam questions should be your best choice, all questions are collected from real test which can help you pass your 350-701 SCOR exam easily.

View 350-701 SCOR Free Questions From PassQuestion Complete 350-701 Real Exam Questions

1. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

security intelligence

impact flags

health monitoring

URL filtering

2. Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

The authentication request contains only a password

The authentication request contains only a username

The authentication and authorization requests are grouped in a single packet.

There are separate authentication and authorization request packets.

3. Which two preventive measures are used to control cross-site scripting? (Choose two.)

Enable client-side scripts on a per-domain basis.

Incorporate contextual output encoding/escaping.

Disable cookie inspection in the HTML inspection engine.

Run untrusted HTML input through an HTML sanitization engine.

SameSite cookie attribute should not be used.

4. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

correlation

intrusion

access control

network discovery

5. Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

show authentication registrations

show authentication method

show dot1x all

show authentication sessions

6. An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

SAT

BAT

HAT

RAT

7. Which two capabilities does TAXII support? (Choose two.)

exchange

pull messaging

binding

correlation

mitigating

8. Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

group policy

access control policy

device management policy

platform service policy

9. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Cisco Identity Services Engine and AnyConnect Posture module

Cisco Stealthwatch and Cisco Identity Services Engine integration

Cisco ASA firewall with Dynamic Access Policies configured

Cisco Identity Services Engine with PxGrid services enabled

10. What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)

data exfiltration

command and control communication

intelligent proxy

snort

URL categorization

11. Refer to the exhibit.

Which command was used to display this output?

show dotlx all summary

show dotlx interface gil/O/12

show dotlx all

show dotl1x

12. What is managed by Cisco Security Manager?

Cisco ASA

Cisco WLC

Cisco WSA

Cisco ESA

13. Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained.

Which command should be configured on the switch interface in order to provide the user with network connectivity?

ip dhcp snooping trust

ip dhcp snooping verify mac-address

ip dhcp snooping vlan 41

ip dhcp snooping limit 41

14. Which feature is supported when deploying Cisco ASAv within the AWS public cloud?

multiple context mode

user deployment of Layer3 networks

clustering

lPv6

15. Which protocol provides the strongest throughput performance when using Cisco Anyconnect VPN?

TLSv1,1

TLSv1. 2

TLSv1

DTLSv1

16. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

overflowing the buffer’s memory

sending continuous pings

inserting malicious commands into the database

17. What are two DDoS attack categories? (Choose two)

sequential

protocol

database

volume-based

scree-based

18. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

Common Vulnerabilities and Exposures

Common Exploits and Vulnerabilities

Common Security Exploits

Common Vulnerabilities, Exploits and Threats

19. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

20. An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

mirror port

NetFlow

Flow

VPC flow logs

21. Refer to the exhibit.

A network administrator configures command authorization for the admin5 user What is the admin5 user able to do on HQ_Router after this configuration?

complete no configurations

add subinterfaces

complete all configurations

set the IP address of an interface

22. What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

23. how does DNS Tunneling exfiltrate data?

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions

An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection

24. what is a key difference between Cisco Firepower and Cisco ASA?

Cisco Firepower provides identity based access control while Cisco ASA does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Cisco ASA provides access control while Cisco Firepower does not

25. What is an attribute of the DevSecOps process?

security scanning and theoretical vulnerabilities

isolated security team

mandated security controls and check lists

development security

26. A network administrator configures Dynamic ARP Inspection on a switch After Dynamic ARP Inspection is applied all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface.

What is causing this problem?

DHCP snooping has not been enabled on all VLANs.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

Dynamic ARP Inspection has not been enabled on all VLANs

The no ip arp inspection trust command is applied on all user host interfaces

27. which compliance status is shown when a configured posture policy requirement is not met?

Authonzed

Compliant

Noncompliant

Unknown

28. What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two)

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

single sign-on access to on-premises and cloud applications

integration with 802. 1x security using native Microsoft Windows supplicant

secure access to on-premises and cloud applications

identification and correction of application vulnerabilities before allowing access to resources

29. What are two rootkit types? (Choose two.)

user mode

bootloader

virtual

registry

buffer mode

30. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Enable IP Layer enforcement

Enable Intelligent Proxy

Activate the Advanced Malware Protection license

Activate SSL decryption.

31. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Cognitive Threat Analytics

Cisco Talos Intelligence

Threat Intelligence Director

Encrypted Traffic Analytics

32. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

33. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Profile

Terminal

url

self-signed

34. An engineer has enabled LDAP accept queries on a listener. Malicious actors must be preventec from quickly identifying all valid recipients.

What must be done on the Cisco ESA to accomplish this goal?

Use Bounce Verification

Configure incoming content filters.

Configure Directory Harvest Attack Prevention

Bypass LDAP access queries in the recipient access table.

35. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

Cisco AnyConnect

Cisco Talos

Cisco Dynamic DNS

Cisco AMP

36. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

Eavesdropping

ARP spoofing

denial-of-service attacks

malware

exploits

37. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco App Dynamics

Cisco Umbrella

Cisco AMP

38. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Content Category Blocking

File Analysis

Security Category Blocking

Application Control

39. While using Cisco Firepower’s Security Intelligence policies, which two criteria is Firepower block based upon? (Choose two)

URLs

port numbers

protocol IDs

MAC addresses

IP addresses

40. Which feature requires a network discovery policy on the Cisco Firepower NGIPS?

URL filtering

impact flags

health monitoring

security intelligence

41. What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

command and control communication

intelligent proxy

data exfiltration

URL categorization

snort

42. which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two)

configure policy-based routing on the network infrastructure

configure the proxy IP address in the web-browser settings

configure AD Group Policies to push proxy settings

use Web Cache Communication Protocol

reference a Proxy Auto Config file

43. What is the function of the Context Directory Agent?

maintains users’ group memberships

relays user authentication requests from Web Security Appliance to Active Directory

reads the Active Directory logs to map IP addresses to usernames

accepts user authentication requests on behalf of Web Security Appliance for user Identification

44. What is a characteristic of a bridge group in ASA Firewall transparent mode?

It includes multiple interfaces and access rules between interfaces are customizable.

It iS a Layer 3 segment and includes one port and customizable access rules,

lt allows ARP traffic with a single access rule.

It has an IP address on its BVI interface and is used for management traffic

45. Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMG. The Cisco FTD is not behind a NAT device.

Which command is needed to enable this on the Cisco FTD?

configure manager add DONTRESOLVE kregistration key>

configure manager add <FMC IP address> <registration key> 16

configure manager add DONTRESOLVE <registration key> FTD123

configure manager add <FMC IP address> <registration key>

46. Refer to the exhibit.

What will happen when the Python script is executed

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The hostname will be translated to an IP address and printed.

The script will translate the IP address to FQDN and print it.

47. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity.

After enabling the AVC engine, what must be done to implement this?

Use security services to configure the traffic monitor.

Use web security reporting to validate engine functionality.

Use URL categorization to prevent the application traffic.

Use an access policy group to configure application control settings.

48. organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a

message added to flag it as a DLP violation.

Which actions must be performed in order to provide this capability?

quarantine and alter the subject header with a DLP violation

deliver and add disclaimer text

deliver and send copies to other recipients

quarantine and send a DLP violation notification

49. Which factor must be considered when choosing the on-premise solution over the cloud-based one?

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider responsiblefor it.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a Cloud-based solution, the customer is responsible for it.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

50. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

BYOD onboarding

Simple Certificate Enrollment Protocol

MAC authentication bypass

client provisioning

51. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

52. Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

show authentication registrations

show authentication method

show dot1x all

show authentication sessions

53. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

54. Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Platform Exchange Grid

Advanced Malware Protection

Multifactor Platform Integration

Firepower Threat Defense

55. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

profile

terminal

selfsigned

56. What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

blocked ports

simple custom detections

command and control

allowed applications

URL

57. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

58. What is the purpose of the certificate signing request when adding a new certificate for a server?

It is the password for the certificate that is needed to install it with.

It provides the server information so a certificate can be created and signed

It is the certificate that will be loaded onto the server

It provides the certificate client information so the server can authenticate against it when installing

59. In which cloud services model is the tenant responsible for virtual machine OS patching?

IaaS

UCaaS

PaaS

SaaS

60. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints’ network connections.

It protects endpoint systems through application control and real-time scanning.

It enables behavioral analysis to be used for the endpoints.

61. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

62. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

63. Which Dos attack uses fragmented packets to crash a target machine?

teardrop

MITM

smurf

LAND

64. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose Two)

westbound AP

southbound API

northbound API

eastbound API

65. Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

66. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

67. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

68. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

69. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

70. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

eavesdropping

denial-of-service attacks

ARP spoofing

malware

exploits

71. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

72. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

TACACS+

central web auth

single sign-on

multiple factor auth

local web auth

73. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

74. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

75. What must be used to share data between multiple security products?

Cisco Stealthwatch Cloud

Cisco Advanced Malware Protection

Cisco Platform Exchange Grid

Cisco Rapid Threat Containment

76. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

77. Drag and drop the descriptions from the left onto the correct protocol versions on the right.

78. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

to provision userless and agentless systems

to request a newly provisioned mobile device

79. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

80. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

81. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

Put

Option

Get

Push

Connect

82. What is the function of the Context Directory Agent?

accepts user authentication requests on behalf of Web Security Appliance for user identification

relays user authentication requests from Web Security Appliance to Active Directory

maintains users’ group memberships

reads the Active Directory logs to map IP addresses to usernames

83. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

to prevent theft of the endpoints

because defense-in-depth stops at the network

to expose the endpoint to more threats

because human error or insider threats will still exist

84. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

85. Drag and drop the threats from the left onto examples of that threat on the right

86. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco Umbrella

Cisco AMP

Cisco App Dynamics

87. When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

Multiple routers or VRFs are required.

Traffic is distributed statically by default.

Floating static routes are required.

HSRP is used for fallover.

88. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

BJTLSvl

TLSv1.1

DTLSv1

89. An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint group.

Which probe must be enabled for this type of profiling to work?

NetFlow

DHCP

SNMP

NMAP

90. Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

91. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network.

Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)

permit

trust

reset

allow

monitor

92. Which two capabilities does TAXII support? (Choose two.)

exchange

pull messaging

binding

correlation

mitigating

93. Which algorithm provides asymmetric encryption?

RC4

RSA

AES

3DES

94. What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

ASDM

desktop client

API

NetFlow

95. An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism.

Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

TCP 6514

UDP 1700

TCP 49

UDP 1812

96. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

97. Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

Google Cloud Platform

Red Hat Enterprise Visualization

VMware ESXi

Amazon Web Services

98. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

virtualization

middleware

operating systems

applications

data

99. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

100. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA.

Which Cisco ASA command must be used?

flow exporter <name>

ip flow monitor<name> input

ip flow-export destination 1.1.1.1 2055

flow-export destination inside 1.1.1.1 2055

101. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

smurf

distributed denial of service

cross-site scripting

rootkit exploit

102. What is managed by Cisco Security Manager?

WSA

ASA

access point O

ESA

103. Why would a user choose an on-premises ESA versus the CES solution?

Sensitive data must remain onsite

Demand is unpredictable

The server team wants to outsource this service.

ESA is deployed inline

104. An engineer is configuring AMP for endpoints and wants to block certain files from executing.

Which outbreak control method is used to accomplish this task?

device flow correlation

simple detections

application blocking list

advanced custom detections

105. What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

EPP focuses on network security, and EDR focuses on device security.

EDR focuses on network security, and EPP focuses on device security.

106. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

107. Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

Cisco WiSM

Cisco ESA

Cisco ISE

Cisco Prime Infrastructure

108. Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)

Create an ACL to allow UDP traffic on port 9996.

Enable NetFlow Version 9.

Create a class map to match interesting traffic.

Apply NetFlow Exporter to the outside interface in the inbound direction.

Define a NetFlow collector by using the flow-export command.

109. Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

gather network telemetry information from AMP for endpoints

create an SNMP pull mechanism for managing AMP

get the process and PID information from the computers in the network

gather the network interface information about the computers AMP sees

110. Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status.

What is the problem according to this command output?

hashing algorithm mismatch

interesting traffic was not applied

authentication key mismatch

encryption algorithm mismatch

111. Refer to the exhibit.

A network administrator configures command authorization for the admm5 user.

What is the admin5 user able to do on HQ_Router after this configuration?

complete no configurations

add subinterfaces

complete all configurations

set the IP address of an interface

112. Which deployment model is the most secure when considering risks to cloud adoption?

public cloud

hybrid cloud

community cloud

private cloud

113. Refer to the exhibit.

Which type of authentication is in use?

LDAP authentication for Microsoft Outlook

POP3 authentication

SMTP relay server authentication

external user and relay mail authentication

114. An MDM provides which two advantages to an organization with regards to device management? (Choose two.)

asset inventory management

allowed application management

Active Directory group policy management

network device management

critical device management

115. Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

ip device-tracking

aaa new-model

aaa server radius dynamic-author

auth-type all

116. How is ICMP used an exfiltration technique?

by flooding the destination host with unreachable packets

by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

by overwhelming a targeted host with ICMP echo-request packets

117. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

118. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

119. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

quality of service

time synchronization

network address translations

intrusion policy

120. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Cisco Identity Services Engine and AnyConnect Posture module

Cisco Stealth watch and Cisco Identity Services Engine integration

Cisco ASA firewall with Dynamic Access Policies configured

Cisco Identity Services Engine with PxGrid services enabled

121. What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Public managed

Service Provider managed

Enterprise managed

User managed

Hybrid managed

122. Which technology reduces data loss by identifying sensitive information stored in public computing environments?

Cisco SDA

Cisco Firepower

Cisco HyperFlex

Cisco Cloudlock

123. Under which two circumstances is a CoA issued? (Choose two.)

A new authentication rule was added to the policy on the Policy Service node

An endpoint is deleted on the Identity Service Engine server

A new Identity Source Sequence is created and referenced in the authentication policy

An endpoint is profiled for the first time

A new Identity Service Engine server is added to the deployment with the Administration persona

124. What are two functions of secret key cryptography? (Choose two.)

key selection without integer factorization

utilization of different keys for encryption and decryption

utilization of large prime number iterations

utilization of less memory

provides the capability to only know the key on one side

125. What is a feature of the open platform capabilities of Cisco DNA Center?

domain integration

intent-based APIs

automation adapters

application adapters

126. An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

mirror port

NetFlow

Flow

VPC flow logs

127. For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?

LDAP

SDP

subordinate CA

HTTP

SCP

128. How does Cisco Stealthwatch Cloud provide security for cloud environments?

It delivers visibility and threat detection.

It prevents exfiltration of sensitive data.

It assigns Internet-based DNS protection for clients and servers

It facilitates secure connectivity between public and private networks

129. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

SDN controller and the cloud

management console and the SDN controller

management console and the cloud

SDN controller and the management solution

130. An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

Configure the Cisco WSA to modify policies based on the traffic seen.

Configure the Cisco ESA to receive real-time updates from Talos

Configure the Cisco WSA to receive real-time updates from Talos.

Configure the Cisco ESA to modify policies based on the traffic seen.

131. Which attack type attempts to shut down a machine or network so that users are not able to access it?

IP spoofing

bluesnarfing

MAC spoofing

smurf

132. Which algorithm provides encryption and authentication for data plane communication?

AES-GCM

SHA-96

AES-256

SHA-384

133. What is a commonality between DMVPN and FlexVPN technologies?

FlexVPN and DMVPN use the same hashing algorithms.

IOS routers run the same NHRP code for DMVPN and FlexVP

FlexVPN and DMVPN use the new key management protocol.

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

134. An organization is receiving SPAM emails from a known malicious domain.

What must be configured in order to prevent the session during the initial TCP communication?

Configure the Cisco ESA to drop the malicious emails.

Configure policies to quarantine malicious emails.

Configure policies to stop and reject communication

Configure the Cisco ESA to reset the TCP connection.

135. What is a difference between DMVPN and sVTI?

DMVPN supports tunnel encryption, whereas sVTI does not.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

DMVPN supports static tunnel establishment, whereas sVTI does not.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

136. Refer to the exhibit.

Which command was used to display this output?

show dot1x all

show dot1x

show dot1x all summary

show dot1x interface gi1/0/12

137. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer’s memory

inserting malicious commands into the database

138. Which form of attack is launched using botnets?

virus

EIDDOS

TCP flood

ODOS

139. Which command enables 802.1X globally on a Cisco switch?

dot1x system-auth-control

dot1x pae authenticator

authentication port-control auto

aaa new-model

140. What features does Cisco FTDv provide over ASAv?

Cisco FTDv runs on VMWare while ASAv does not

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

Cisco FTDv supports URL filtering while ASAv does not

Cisco FTDv runs on AWS while ASAv does not

141. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

correlation

intrusion

access control

network discovery

142. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)

Check integer, float, or Boolean string parameters to ensure accurate values

Use prepared statements and parameterized queries.

Secure the connection between the web and the app tier

Write SQL code instead of using object-relational mapping libraries

Block SQL code execution in the web application database login.

143. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

Common Vulnerabilities and Exposures

Common Exploits and Vulnerabilities

Common Security Exploits

Common Vulnerabilities, Exploits and Threats

144. 0.0.0 command on host A The tunnel is not being established to host B.

What action is needed to authenticate the VPN?

Enter the same command on host

Enter the command with a different password on host

Change isakmp to ikev2 in the command on host

Change the password on host A to the default password.

145. What are two benefits of Flexible NetFlow records? (Choose two)

They provide attack prevention by dropping the traffic.

They allow the user to configure flow information to perform customized traffic identification

They provide accounting and billing enhancements

They provide monitoring of a wider range of IP packet information from Layer 2 to 4.

They converge multiple accounting technologies into one accounting mechanism

146. What is a characteristic of Firepower NGIPS inline deployment mode?

It cannot take actions such as blocking traffic.

ASA with Firepower module cannot be deployed.

it must have inline interface pairs configured.

It is out-of-band from traffic.

147. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Application Control

Security Category Blocking

Content Category Blocking

File Analysis

148. What is the primary role of the Cisco Email Security Appliance?

Mail Submission Agent

Mail Transfer Agent

Mail Delivery Agent

Mail User Agent

149. Refer to the exhibit.

What does the number 15 represent in this configuration?

privilege level for an authorized user to this router

access list that identifies the SNMP devices that can access the router

interval in seconds between SNMPv3 authentication attempts

number of possible failed attempts until the SNMPv3 user is locked out

150. Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)

DDoS

antispam

antivirus

encryption

DLP

151. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

152. Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

show authentication registrations

show authentication method

show dot1x all

show authentication sessions

153. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

154. Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Platform Exchange Grid

Advanced Malware Protection

Multifactor Platform Integration

Firepower Threat Defense

155. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

profile

terminal

selfsigned

156. What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

blocked ports

simple custom detections

command and control

allowed applications

URL

157. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network .

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

158. What is the purpose of the certificate signing request when adding a new certificate for a server?

It is the password for the certificate that is needed to install it with.

It provides the server information so a certificate can be created and signed

It is the certificate that will be loaded onto the server

It provides the certificate client information so the server can authenticate against it when installing

159. In which cloud services model is the tenant responsible for virtual machine OS patching?

IaaS

UCaaS

PaaS

SaaS

160. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints’ network connections.

It protects endpoint systems through application control and real-time scanning.

It enables behavioral analysis to be used for the endpoints.

161. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

162. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

163. Which Dos attack uses fragmented packets to crash a target machine?

teardrop

MITM

smurf

LAND

164. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose Two)

westbound AP

southbound API

northbound API

eastbound API

165. Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

166. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

167. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

168. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

169. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE .

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

170. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

eavesdropping

denial-of-service attacks

ARP spoofing

malware

exploits

171. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

172. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

TACACS+

central web auth

single sign-on

multiple factor auth

local web auth

173. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

174. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications .

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

175. What must be used to share data between multiple security products?

Cisco Stealthwatch Cloud

Cisco Advanced Malware Protection

Cisco Platform Exchange Grid

Cisco Rapid Threat Containment

176. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

177. Drag and drop the descriptions from the left onto the correct protocol versions on the right.

178. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

to provision userless and agentless systems

to request a newly provisioned mobile device

179. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

180. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

181. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

Put

Option

Get

Push

Connect

182. What is the function of the Context Directory Agent?

accepts user authentication requests on behalf of Web Security Appliance for user identification

relays user authentication requests from Web Security Appliance to Active Directory

maintains users’ group memberships

reads the Active Directory logs to map IP addresses to usernames

183. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

to prevent theft of the endpoints

because defense-in-depth stops at the network

to expose the endpoint to more threats

because human error or insider threats will still exist

184. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

185. Drag and drop the threats from the left onto examples of that threat on the right

186. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco Umbrella

Cisco AMP

Cisco App Dynamics

187. When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

Multiple routers or VRFs are required.

Traffic is distributed statically by default.

Floating static routes are required.

HSRP is used for fallover.

188. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

BJTLSvl

TLSv1.1

DTLSv1

189. An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint group.

Which probe must be enabled for this type of profiling to work?

NetFlow

DHCP

SNMP

NMAP

190. Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

191. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network .

Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)

permit

trust

reset

allow

monitor

192. Which two capabilities does TAXII support? (Choose two.)

exchange

pull messaging

binding

correlation

mitigating

193. Which algorithm provides asymmetric encryption?

RC4

RSA

AES

3DES

194. What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

ASDM

desktop client

API

NetFlow

195. An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism .

Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

TCP 6514

UDP 1700

TCP 49

UDP 1812

196. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

197. Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

Google Cloud Platform

Red Hat Enterprise Visualization

VMware ESXi

Amazon Web Services

198. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

virtualization

middleware

operating systems

applications

data

199. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

200. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA .

Which Cisco ASA command must be used?

flow exporter <name>

ip flow monitor<name> input

ip flow-export destination 1.1.1.1 2055

flow-export destination inside 1.1.1.1 2055

201. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

smurf

distributed denial of service

cross-site scripting

rootkit exploit

202. What is managed by Cisco Security Manager?

WSA

ASA

access point O

ESA

203. Why would a user choose an on-premises ESA versus the CES solution?

Sensitive data must remain onsite

Demand is unpredictable

The server team wants to outsource this service.

ESA is deployed inline

204. An engineer is configuring AMP for endpoints and wants to block certain files from executing .

Which outbreak control method is used to accomplish this task?

device flow correlation

simple detections

application blocking list

advanced custom detections

205. What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

EPP focuses on network security, and EDR focuses on device security.

EDR focuses on network security, and EPP focuses on device security.

206. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

207. Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

Cisco WiSM

Cisco ESA

Cisco ISE

Cisco Prime Infrastructure

208. Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)

Create an ACL to allow UDP traffic on port 9996.

Enable NetFlow Version 9.

Create a class map to match interesting traffic.

Apply NetFlow Exporter to the outside interface in the inbound direction.

Define a NetFlow collector by using the flow-export command.

209. Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

gather network telemetry information from AMP for endpoints

create an SNMP pull mechanism for managing AMP

get the process and PID information from the computers in the network

gather the network interface information about the computers AMP sees

210. Refer to the exhibit.

hashing algorithm mismatch

interesting traffic was not applied

authentication key mismatch

encryption algorithm mismatch

211. Refer to the exhibit.

A network administrator configures command authorization for the admm5 user .

What is the admin5 user able to do on HQ_Router after this configuration?

complete no configurations

add subinterfaces

complete all configurations

set the IP address of an interface

212. Which deployment model is the most secure when considering risks to cloud adoption?

public cloud

hybrid cloud

community cloud

private cloud

213. Refer to the exhibit.

Which type of authentication is in use?

LDAP authentication for Microsoft Outlook

POP3 authentication

SMTP relay server authentication

external user and relay mail authentication

214. An MDM provides which two advantages to an organization with regards to device management? (Choose two.)

asset inventory management

allowed application management

Active Directory group policy management

network device management

critical device management

215. Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

ip device-tracking

aaa new-model

aaa server radius dynamic-author

auth-type all

216. How is ICMP used an exfiltration technique?

by flooding the destination host with unreachable packets

by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

by overwhelming a targeted host with ICMP echo-request packets

217. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

218. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

219. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

quality of service

time synchronization

network address translations

intrusion policy

220. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Cisco Identity Services Engine and AnyConnect Posture module

Cisco Stealth watch and Cisco Identity Services Engine integration

Cisco ASA firewall with Dynamic Access Policies configured

Cisco Identity Services Engine with PxGrid services enabled

221. What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Public managed

Service Provider managed

Enterprise managed

User managed

Hybrid managed

222. Which technology reduces data loss by identifying sensitive information stored in public computing environments?

Cisco SDA

Cisco Firepower

Cisco HyperFlex

Cisco Cloudlock

223. Under which two circumstances is a CoA issued? (Choose two.)

A new authentication rule was added to the policy on the Policy Service node

An endpoint is deleted on the Identity Service Engine server

A new Identity Source Sequence is created and referenced in the authentication policy

An endpoint is profiled for the first time

A new Identity Service Engine server is added to the deployment with the Administration persona

224. What are two functions of secret key cryptography? (Choose two.)

key selection without integer factorization

utilization of different keys for encryption and decryption

utilization of large prime number iterations

utilization of less memory

provides the capability to only know the key on one side

225. What is a feature of the open platform capabilities of Cisco DNA Center?

domain integration

intent-based APIs

automation adapters

application adapters

226. An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

mirror port

NetFlow

Flow

VPC flow logs

227. For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?

LDAP

SDP

subordinate CA

HTTP

SCP

228. How does Cisco Stealthwatch Cloud provide security for cloud environments?

It delivers visibility and threat detection.

It prevents exfiltration of sensitive data.

It assigns Internet-based DNS protection for clients and servers

It facilitates secure connectivity between public and private networks

229. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

SDN controller and the cloud

management console and the SDN controller

management console and the cloud

SDN controller and the management solution

230. An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

Configure the Cisco WSA to modify policies based on the traffic seen.

Configure the Cisco ESA to receive real-time updates from Talos

Configure the Cisco WSA to receive real-time updates from Talos.

Configure the Cisco ESA to modify policies based on the traffic seen.

231. Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

DNS tunneling

DNSCrypt

DNS security

DNSSEC

232. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

233. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

234. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only

235. Which statement about IOS zone-based firewalls is true?

An unassigned interface can communicate with assigned interfaces

Only one interface can be assigned to a zone

An interface can be assigned to multiple zones

An interface can be assigned only to one zone

236. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

237. An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.

Which product meets all of these requirements?

Cisco Prime Infrastructure

Cisco Identity Services Engine

Cisco Stealth watch

Cisco AMP for Endpoints

238. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

To view bandwidth usage for NetFlow records, the QoS feature must be enabled

A sysopt command can be used to enable NSEL on a specific interface.

NSEL can be used without a collector configured

A flow-export event type must be defined under a policy.

239. Which two preventive measures are used to control cross-site scripting? (Choose two.)

Enable client-side scripts on a per-domain basis

Incorporate contextual output encoding/escaping

Disable cookie inspection in the HTML inspection engine

Run untrusted HTML input through an HTML sanitization engine

SameSite cookie attribute should not be used

240. Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

IP Blacklist Center

File Reputation Center

AMP Reputation Center

IP and Domain Reputation Center

241. Which command enables 802.1X globally on a Cisco switch?

dot1x system-auth-control

dot1x pae authenticator

authentication port-control auto

aaa new-model

242. Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

phishing

brute force

man-in-the-middle

DDOS

tear drop

243. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

244. Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

RADIUS

TACACS+

DHCP

sFlow

SMTP

245. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

246. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

247. Which deployment model is the most secure when considering risks to cloud adoption?

public cloud

hybrid cloud

community cloud

private cloud

248. How is ICMP used an exfiltration technique?

by flooding the destination host with unreachable packets

by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

by overwhelming a targeted host with ICMP echo-request packets

249. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Cisco Identity Services Engine and AnyConnect Posture module

Cisco Stealthwatch and Cisco Identity Services Engine integration

Cisco ASA firewall with Dynamic Access Policies configured

Cisco Identity Services Engine with PxGrid services enabled

250. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

251. Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

SNMP

SMTP

syslog

model-driven telemetry

252. Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true

The authentication request contains only a password

The authentication request contains only a username

The authentication and authorization requests are grouped in a single packet

There are separate authentication and authorization request packets

253. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?.

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

254. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

255. Which two behavioral patterns characterize a ping of death attack? (Choose two.)

The attack is fragmented into groups of 16 octets before transmission.

The attack is fragmented into groups of 8 octets before transmission

Short synchronized bursts of traffic are used to disrupt TCP connections.

Malformed packets are used to crash systems

Publicly accessible DNS servers are typically used to execute the attack

256. Which two descriptions of AES encryption are true? (Choose two.)

AES is less secure than 3DES

AES is more secure than 3DES

AES can use a 168-bit key for encryption.

AES can use a 256-bit key for encryption.

AES encrypts and decrypts a key three times in sequence

257. What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

It decrypts HTTPS application traffic for unauthenticated users

It alerts users when the WSA decrypts their traffic.

It decrypts HTTPS application traffic for authenticated users.

It provides enhanced HTTPS application detection for AsyncO

258. An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

SAT

BAT

HAT

RAT

259. An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint
patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion

260. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

261. Which algorithm provides encryption and authentication for data plane communication?

AES-GCM

SHA-96

AES-256

SHA-384

262. When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

authentication server: Cisco Identity Service Engine

supplicant: Cisco AnyConnect ISE Posture module

authenticator: Cisco Catalyst switch

authenticator: Cisco Identity Services Engine

authentication server: Cisco Prime Infrastructure

263. Which two mechanisms are used to control phishing attacks? (Choose two.)

Enable browser alerts for fraudulent websites

Define security group memberships

Revoke expired CRL of the websites

Use antispyware software

Implement email filtering techniques

264. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

265. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

smurf

distributed denial of service

cross-site scripting

rootkit exploit

266. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

267. In a PaaS model, which layer is the tenant responsible for maintaining and patching?

hypervisor

virtual machine

network

application

268. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

computer identity

Windows service

user identity

Windows firewall

default browser

269. What is a characteristic of traffic storm control behavior?

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval

Traffic storm control cannot determine if the packet is unicast or broadcast

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

270. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

271. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

security intelligence

impact flags

health monitoring

URL filtering

272. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

AMP

AnyConnect

DynDNS

Talos

273. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events

It provides stateless IP flow tracking that exports all records of a specific flow

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

274. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

275. Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)

accounting

assurance

automation

authentication

encryption

276. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

snmp-server host inside 10.255.254.1 snmpv3 myv3

snmp-server host inside 10.255.254.1 snmpv3 andy

snmp-server host inside 10.255.254.1 version 3 myv3

snmp-server host inside 10.255.254.1 version 3 andy

277. Refer to the exhibit.

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface.

What is causing this problem?

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

DHCP snooping has not been enabled on all VLANs.

The no ip arp inspection trust command is applied on all user host interfaces

Dynamic ARP Inspection has not been enabled on all VLANs

278. Under which two circumstances is a CoA issued? (Choose two.)

A new authentication rule was added to the policy on the Policy Service node

An endpoint is deleted on the Identity Service Engine server

A new Identity Source Sequence is created and referenced in the authentication policy

An endpoint is profiled for the first time

A new Identity Service Engine server is added to the deployment with the Administration persona

279. An organization is receiving SPAM emails from a known malicious domain.

What must be configured in order to prevent the session during the initial TCP communication?

Configure the Cisco ESA to drop the malicious emails.

Configure policies to quarantine malicious emails.

Configure policies to stop and reject communication

Configure the Cisco ESA to reset the TCP connection.

280. What is a key difference between Cisco Firepower and Cisco ASA?

Cisco ASA provides access control while Cisco Firepower does not.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

281. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

SIP

inline normalization

SSL

packet decoder

modbus

282. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

283. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

BJTLSvl

TLSv1.1

DTLSv1

284. Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two.)

protocol IDs

URLs

IP addresses

port numbers

MAC addresses

285. A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance.

Which ASA deployment mode meets these needs?

multiple context mode

transparent mode

routed mode

multiple zone mode

286. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

287. Which two capabilities does TAXII support? (Choose two.)

exchange

pull messaging

binding

correlation

mitigating

288. A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication.

How will the Cisco ESA handle any files which need analysis?

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

The file is queued for upload when connectivity is restored.

The file upload is abandoned.

The ESA immediately makes another attempt to upload the file.

289. What is the primary role of the Cisco Email Security Appliance?

Mail Submission Agent

Mail Transfer Agent

Mail Delivery Agent

Mail User Agent

290. Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance.

What is causing this issue?

Site-to-site VPN peers are using different encryption algorithms.

Site-to-site VPN preshared keys are mismatched.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

The access control policy is not allowing VPN traffic in.

291. What are two DDoS attack categories? (Choose two.)

sequential

protocol

database

volume-based

scree-based

292. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Application Control

Security Category Blocking

Content Category Blocking

File Analysis

293. What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

Multiple NetFlow collectors are supported.

Advanced NetFlow v9 templates and legacy v5 formatting are supported.

Flow-create events are delayed.

Secure NetFlow connections are optimized for Cisco Prime Infrastructure

294. Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

Cisco Firepower

Cisco Umbrella

Cisco Stealth watch

NGIPS

295. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

296. DRAG DROP

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

297. DRAG DROP

Drag and drop the capabilities from the left onto the correct technologies on the right.

298. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer’s memory

inserting malicious commands into the database

299. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

Cisco Firepower

Cisco Umbrella

ISE

AMP

300. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

301. Refer to the exhibit.

hashing algorithm mismatch

interesting traffic was not applied

authentication key mismatch

encryption algorithm mismatch

302. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

303. DRAG DROP

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

304. In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

when there is a need for traditional anti-malware detection

when there is no need to have the solution centrally managed

when there te no firewall on the network

when there is a need to have more advanced detection capabilities

305. Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

NGFW

AMP

WSA

ESA

306. What is provided by the Secure Hash Algorithm in a VPN?

integrity

key exchange

encryption

authentication

307. Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

westbound AP

southbound API

northbound API

eastbound API

308. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

309. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

310. Refer to the exhibit.

What does the number 15 represent in this configuration?

privilege level for an authorized user to this router

access list that identifies the SNMP devices that can access the router

interval in seconds between SNMPv3 authentication attempts

number of possible failed attempts until the SNMPv3 user is locked out

Cisco 350-701 SCOR Free Questions – New CCNP and CCIE Security Core

View 350-701 SCOR Free Questions From PassQuestion Complete 350-701 Real Exam Questions

Leave a Reply Cancel reply