Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

Simple Certificate Enrollment Protocol

Refer to the exhibit. What will happen when this Python script is run?

The list of computers, policies, and connector statuses will be received from Cisco AMP

The compromised computers and malware trajectories will be received from Cisco AMP

The list of computers and their current vulnerabilities will be received from Cisco AMP

The compromised computers and what compromised them will be received from Cisco AMP

The list of computers, policies, and connector statuses will be received from Cisco AMP

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when me endpoint is connected to the cloud

Clam AV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

What are two characteristics of Cisco DNA Center APIs? (Choose two)

They quickly provision new devices.

They view the overall health of the network

Postman is required to utilize Cisco DNA Center API calls.

They do not support Python scripts.

They quickly provision new devices.

They view the overall health of the network

What is a benefit of conducting device compliance checks?

It validates if anti-virus software is installed.

It indicates what type of operating system is connecting to the network.

It validates if anti-virus software is installed.

It scans endpoints to determine if malicious activity is taking place.

It detects email phishing attacks.

In which two ways does Easy Connect help control network access when used with Cisco TrustSec?(Choose two)

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups(PassiveID).

It allows multiple security products to share information and work together to enhance security posture in the network.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

It integrates with third-party products to provide better visibility throughout the network.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups(PassiveID).

What is the benefit of installing Cisco AMP for Endpoints on a network?

It protects endpoint systems through application control and real-time scanning

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints network connections.

It enables behavioral analysis to be used for the endpoints.

It protects endpoint systems through application control and real-time scanning

An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

Set a trusted interface for the DHCP server

Add entries in the DHCP snooping database

Enable ARP inspection for the required VLAN

Refer to the exhibit. What will happen when the Python script is executed?

The script will pull all computer hostnames and print them.

The hostname will be translated to an IP address and printed.

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The script will translate the IP address to FODN and print it

Why is it important to implement MFA inside of an organization?

To prevent brute force attacks from being successful.

To prevent man-the-middle attacks from being successful.

To prevent DoS attacks from being successful.

To prevent brute force attacks from being successful.

To prevent phishing attacks from being successful.

A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?

set the password to be used for SNMPv3 authentication

define the encryption algorithm to be used by SNMPv3

specify the UDP port used by SNMP

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?

Cisco Configuration Professional

What is a function of 3DES in reference to cryptography?

It creates one-time use passwords.

Which risk is created when using an Internet browser to access cloud-based service?

misconfiguration of infrastructure, which allows unauthorized access

intermittent connection to the cloud connectors

vulnerabilities within protocol

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

deliver and add disclaimer text

deliver and send copies to other recipients

quarantine and send a DLP violation notification

quarantine and alter the subject header with a DLP violation

deliver and add disclaimer text

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

configure manager add <FMC IP address> <registration key>

configure manager add DONTRESOLVE kregistration key>

configure manager add <FMC IP address> <registration key> 16

configure manager add DONTRESOLVE <registration key> FTD123

configure manager add <FMC IP address> <registration key>

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.How does the switch behave in this situation?

It drops the packet after validation by using the IP & MAC Binding Table.

It forwards the packet after validation by using the MAC Binding Table.

It drops the packet after validation by using the IP & MAC Binding Table.

It forwards the packet without validation.

It drops the packet without validation.

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone- Based Policy Firewall cannot

What is a benefit of performing device compliance?

Verification of the latest OS patches

Device classification and authorization

Providing multi-factor authentication

Providing attribute-driven policies

An organization wants to secure users, data, and applications in the cloud. The solution must be APIbased and operate as a cloud-native CASB. Which solution must be used for this implementation?

Cisco Firepower Next-Generation Firewall

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

To ensure that assets are secure from malicious links on and off the corporate network

To protect the endpoint against malicious file transfers

To ensure that assets are secure from malicious links on and off the corporate network

To establish secure VPN connectivity to the corporate network

To enforce posture compliance and mandatory software

What is a capability of Cisco ASA Netflow?

It filters NSEL events based on traffic

It generates NSEL events even if the MPF is not configured

It logs all event types only to the same collector

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

What is the benefit of integrating Cisco ISE with a MDM solution?

It provides compliance checks for access to the network

It provides the ability to update other applications on the mobile device

It provides the ability to add applications to the mobile device through Cisco ISE

It provides network device administration access

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

Configure the domain.com address in the block list

Configure the *.com address in the block list.

Configure the *.domain.com address in the block list

Configure the *domain.com address in the block list

Configure the domain.com address in the block list

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

Make the priority for the new policy 5 and the primary policy 1

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

Make the priority for the new policy 5 and the primary policy 1

Change the encryption to AES* to support all AES algorithms in the primary policy

Make the priority for the primary policy 10 and the new policy 1

Cisco 350-701 Practice Test 7 - Free Online Exam Prep & Questions

Question 1 / 40

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Use security services to configure the traffic monitor, .

Use URL categorization to prevent the application traffic.

Use an access policy group to configure application control settings.

Use web security reporting to validate engine functionality

Comment (0)

Cisco 350-701 Practice Test 7

Question

Cisco 350-701 Practice Tests

Practice Tests