350-701 Flashcards
(160 cards)
1
Q
What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)
A
simple custom detections
allowed applications
2
Q
Which command enables 802.1X globally on a Cisco switch?
A
dot1x system-auth-control
3
Q
What is the function of Cisco Cloudlock for data security?
A
data loss prevention
4
Q
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)
A
Windows service
Windows firewall
5
Q
What is a characteristic of Dynamic ARP Inspection?
A
DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the
DHCP snooping binding database.
6
Q
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
A
AMP
7
Q
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A
destination lists
8
Q
Which statement about IOS zone-based firewalls is true?
A
An interface can be assigned only to one zone.
9
Q
Which two activities can be done using Cisco DNA Center? (Choose two.)
A
design
provision
10
Q
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
A
Active Directory
11
Q
Which VPN technology can support a multivendor environment and secure traffic between sites?
A
FlexVPN
12
Q
Which SNMPv3 configuration must be used to support the strongest security possible?
A
asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
13
Q
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A
Cisco Application Visibility and Control
14
Q
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)
A
Install a spam and virus email filter.
Protect systems with an up-to-date antimalware program.
15
Q
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)
A
Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
16
Q
Why would a user choose an on-premises ESA versus the CES solution?
A
Sensitive data must remain onsite.
17
Q
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A
GET VPN
18
Q
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
A
PaaS
19
Q
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
A
Enable Intelligent Proxy.
20
Q
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses andmalware? (Choose two.)
A
Sophos engine
outbreak filters
21
Q
How is Cisco Umbrella configured to log only security events?
A
per policy
22
Q
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
A
EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
23
Q
On which part of the IT environment does DevSecOps focus?
A
application development
24
Q
Which functions of an SDN architecture require southbound APIs to enable communication?
A
SDN controller and the network elements
25
What is a characteristic of traffic storm control behavior?
Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
26
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)
put
| get
27
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
application
28
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
application blocking list
29
Which ASA deployment mode can provide separation of management on a shared appliance?
multiple context mode
30
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)
Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
31
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
Cisco Threat Grid
32
What provides visibility and awareness into what is currently occurring on the network?
Telemetry
33
Which attack is commonly associated with C and C++ programming languages?
buffer overflow
34
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?
CoA Reauth
35
Refer to the exhibit. Which command was used to display this output?
show dot1x all
36
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
Check integer, float, or Boolean string parameters to ensure accurate values.
Use prepared statements and parameterized queries.
37
How does Cisco Stealthwatch Cloud provide security for cloud environments?
It delivers visibility and threat detection.
38
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)
SIP
| SSL
39
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
time synchronization
40
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
SDN controller and the management solution
41
Refer to the exhibit. What is a result of the configuration?
Traffic from the inside network is redirected.
42
Which information is required when adding a device to Firepower Management Center?
registration key
43
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)
encryption
| DLP
44
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
It tracks flow-create, flow-teardown, and flow-denied events.
45
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
SSL Decryption
46
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
brute force
| man-in-the-middle
47
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
prevalence
48
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?
6
49
Which two features of Cisco Email Security can protect your organization against email threats?(choose two)
Data loss prevention
| Geolocation-based filtering
50
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
Step 1 - Configure a Machine Agent or SIM Agent
Step 2 - Install monitoring extension for AWS EC2
Step 3 - Update config.yaml
Step 4 - Restart the Machine Agent
51
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
impact flags
52
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?
The authentication and authorization requests are grouped in a single packet.
53
Which two preventive measures are used to control cross-site scripting? (Choose two.)
Enable client-side scripts on a per-domain basis.
| Incorporate contextual output encoding/escaping.
54
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
network discovery
55
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
show authentication sessions
56
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?
RAT
57
Which two capabilities does TAXII support? (Choose two.)
pull messaging
| binding
58
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
platform service policy
59
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network.
The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
Cisco Identity Services Engine and AnyConnect Posture module
60
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)
data exfiltration
| command and control communication
61
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
cross-site scripting
62
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
The IPsec configuration that is set up on the active device must be duplicated on the standby device.
The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
63
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
show authen sess int gi0/1
64
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
DHCP Snooping
| Dynamic ARP inspection
65
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring aninline posture node?
RADIUS Change of Authorization
66
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
67
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)
RADIUS
| DHCP
68
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
Tetration
69
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)
time factor
| knowledge factor
70
Which two key and block sizes are valid for AES? (Choose two.)
128-bit block size, 192-bit key length
| 128-bit block size, 256-bit key length
71
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?
Configure the trackingconfig command to enable message tracking.
72
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?
RSA
73
How is ICMP used an exfiltration technique?
by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
74
What is the difference between deceptive phishing and spear phishing?
A spear phishing campaign is aimed at a specific person versus a group of people.
75
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.
Which product meets all of these requirements?
Cisco Identity Services Engine
76
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
authentication server: Cisco Identity Service Engine
| authenticator: Cisco Catalyst switch
77
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
Certificate Trust List
78
Which API is used for Content Security?
AsyncOS API
79
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
The attack is fragmented into groups of 8 octets before transmission.
Malformed packets are used to crash systems.
80
Which two mechanisms are used to control phishing attacks? (Choose two.)
Enable browser alerts for fraudulent websites.
| Implement email filtering techniques.
81
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
Security Category Blocking
82
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)
central web auth
| local web auth
83
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
user input validation in a web page or web application
84
Which deployment model is the most secure when considering risks to cloud adoption?
private cloud
85
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
It discovers and controls cloud apps that are connected to a company's corporate environment.
86
What is the primary benefit of deploying an ESA in hybrid mode?
It provides email security while supporting the transition to the cloud
87
Which option is the main function of Cisco Firepower impact flags?
They correlate data about intrusions and vulnerability.
88
Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two.)
inline mode
| passive monitor-only mode
89
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto
the correct definitions on the right.
Distributed PortScan - Many to one portscan in which multiple hosts scan a single host for open ports
Decoy PortScan - one to one portscan, atacker mixes spoofed source address inter-mixed with the real scanning address
Port Sweep - one to many port sweep, an attacker against a few hosts to scan a single port on multiple targets
PortScan Detection - one to one PortScan, an attacker against one, few hosts to scan one or multiple ports
90
Drag and drop the capabilities from the left onto the correct technologies on the right.
Next Generation Intrusion Prevention System - provides superior threat prevention and mitigation for known and unknown threats.
Advanced Malware Protection - detection, blocking, tracking, analysis, and remediation to protect against targeted persistant malware attacks.
Application control and URL filtering - application layer control and ability to enforce usage and tailor detection policies based on custom application and URLs
Cisco Web Security Appliance - combine integrated solution of strong defense and web protection, visibility, and controlling solutions
91
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
IKEv1
uses six packets in main mode to establish phase 1
uses three packets in aggressive mode to establish phase 1
IKEv2
standard includes NAT-T
uses four packets packets to establish phase 1 and phase 2
uses EAP for authenticating remote access clients
92
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Talos
93
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
It provides enhanced HTTPS application detection for AsyncOS.
94
What is the primary role of the Cisco Email Security Appliance?
Mail Transfer Agent
95
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)
assurance
| automation
96
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
DNS tunneling
97
Which algorithm provides encryption and authentication for data plane communication?
AES-GCM
98
How does Cisco Umbrella archive logs to an enterprise-owned storage?
by being configured to send logs to a self-managed AWS S3 bucket
99
In which cloud services model is the tenant responsible for virtual machine OS patching?
IaaS
100
Which two descriptions of AES encryption are true? (Choose two.)
AES is more secure than 3DES.
| AES can use a 256-bit key for encryption.
101
Which technology is used to improve web traffic performance by proxy caching?
WSA
102
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two.)
WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Layer 4 switches can automatically redirect traffic destined to port 80.
103
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
Configure the advancedproxyconfig command with the HTTPS subcommand
104
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
Cisco Cloudlock
105
Refer to the exhibit. What does the number 15 represent in this configuration?
access list that identifies the SNMP devices that can access the router
106
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
model-driven telemetry
107
Which feature is supported when deploying Cisco ASA within AWS public cloud?
user deployment of Layer 3 networks
108
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
transparent
109
An MDM provides which two advantages to an organization with regards to device management? (Choose two.)
asset inventory management
| allowed application management
110
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
IP and Domain Reputation Center
111
Under which two circumstances is a CoA issued? (Choose two.)
An endpoint is deleted on the Identity Service Engine server.
An endpoint is profiled for the first time.
112
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A flow-export event type must be defined under a policy.
113
Which benefit does endpoint security provide the overall security posture of an organization?
It allows the organization to detect and mitigate threats that the perimeter security devices do not
114
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?
Browse to http://welcome.umbrellA.com/to validate that the new identity is working.
115
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
STIX
116
When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?
dynamic analysis
117
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?
private cloud
118
Which IPS engine detects ARP spoofing?
Atomic ARP Engine
119
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
It defines a traffic baseline for traffic anomaly deduction.
120
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?
Rule
| Source
121
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?
protect
122
Which policy is used to capture host information on the Cisco Next Generation Intrusion Prevention System?
network discovery
123
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
health policy
124
Which CLI command is used to register a Cisco FirePOWER sensor to Firepower Management Center?
configure manager add
125
Which Cisco AMP file disposition valid?
malware
126
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
ETHOS detection engine
127
Which function is the primary function of Cisco AMP threat Grid?
automated malware analysis
128
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
Outgoing traffic is allowed so users can communicate with outside organizations.
Messenger applications cannot be segmented with standard network controls.
129
How many interfaces per bridge group does an ASA bridge group deployment support?
up to 8
130
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
It allows the endpoint to authenticate with 802.1xor MAB.
131
What is a feature of the open platform capabilities of Cisco DNA Center?
intent-based APIs
132
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
interpacket variation
133
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two.)
reference a Proxy Auto Config file
| use Web Cache Communication Protocol
134
Which form of attack is launched using botnets?
EIDDOS
135
How is DNS tunneling used to exfiltrate data out of a corporate network?
lt encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
136
Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?
Cisco Umbrella
137
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)
Apply NetFlow Exporter to the outside interface in the inbound direction.
Define a NetFlow collector by using the flow-export command.
138
What is a difference between FlexVPN and DMVPN?
FlexVPN uses IKEv2. DMVPN uses IKEvI or IKEv2.
139
A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
multiple context mode
140
What is the function of the Context Directory Agent?
reads the Active Directory logs to map IP addresses to usernames
141
What is a commonality between DMVPN and FlexVPN technologies?
IOS routers run the same NHRP code for DMVPN and FlexVPN.
142
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)
ARP spoofing
| malware
143
Which threat involves software being used to gain unauthorized access to a computer system?
virus
144
What is a characteristic of Firepower NGIPS inline deployment mode?
it must have inline interface pairs configured.
145
What are two rootkit types? (Choose two)
buffer mode
| user mode
146
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA.
Which Cisco ASA command must be used?
flow-export destination inside 1.1.1.1 2055
147
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
aaa new-model
148
Refer to the exhibit. What is the result of this Python script of the Cisco DNA Center API?
adds a switch to Cisco DNA Center
149
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two.)
secure access to on-premises and cloud applications
| single sign-on access to on-premises and cloud applications
150
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
DTLSv1
151
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?
Platform Exchange Grid
152
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.
Which command achieves this goal?
snmp-server host inside 10.255.254.1 version 3 myv3
153
Which type of attack is social engineering?
phishing
154
Which compliance status is shown when a configured posture policy requirement is not met?
noncompliant
155
What must be used to share data between multiple security products?
Cisco Platform Exchange Grid
156
An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint group.
Which probe must be enabled for this type of profiling to work?
NMAP
157
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
profile
158
A network engineer is configuring DMVPN and entered the crypto is akmp key cisc0380739941 address 0.0.0.0 command on host A The tunnel is not being established to host B.
What action is needed to authenticate the VPN?
Enter the same command on host B.
159
on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err- disabled interface.
What is causing this problem?
DHCP snooping has not been enabled on all VLANs.
160
Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
gather the network interface information about the computers AMP sees
