ExamGecko
Search Search Login
Home Home / Cisco / 350-701

Cisco 350-701 Practice Test - Questions Answers, Page 10

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
What is a characteristic of Dynamic ARP Inspection?
Which ASA deployment mode can provide separation of management on a shared appliance?

Question 91

Report
Export
Collapse

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A.

RSA SecureID

A.

RSA SecureID

Answers
B.

Internal Database

B.

Internal Database

Answers
C.

Active Directory

C.

Active Directory

Answers
D.

LDAP

D.

LDAP

Answers
Suggested answer: C

Question 92

Report
Export
Collapse

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17- 010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransom ware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Answers
B.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

B.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Answers
C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Answers
D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Answers
E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Answers
Suggested answer: A, C

Explanation:

A posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements >

Conditions > File.

In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware.

Question 93

Report
Export
Collapse

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

A.

RADIUS Change of Authorization

A.

RADIUS Change of Authorization

Answers
B.

device tracking

B.

device tracking

Answers
C.

DHCP snooping

C.

DHCP snooping

Answers
D.

VLAN hopping

D.

VLAN hopping

Answers
Suggested answer: A

Question 94

Report
Export
Collapse

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?

(Choose two)

A.

multiple factor auth

A.

multiple factor auth

Answers
B.

local web auth

B.

local web auth

Answers
C.

single sign-on

C.

single sign-on

Answers
D.

central web auth

D.

central web auth

Answers
E.

TACACS+

E.

TACACS+

Answers
Suggested answer: B, D

Question 95

Report
Export
Collapse

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A.

Windows service

A.

Windows service

Answers
B.

computer identity

B.

computer identity

Answers
C.

user identity

C.

user identity

Answers
D.

Windows firewall

D.

Windows firewall

Answers
E.

default browser

E.

default browser

Answers
Suggested answer: A, D

Question 96

Report
Export
Collapse

Which compliance status is shown when a configured posture policy requirement is not met?

A.

compliant

A.

compliant

Answers
B.

unknown

B.

unknown

Answers
C.

authorized

C.

authorized

Answers
D.

noncompliant

D.

noncompliant

Answers
Suggested answer: D

Explanation:

Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.

A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems.

Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies.

+ If a mandatory requirement fails, the user will be moved to Non-Compliant state + If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-

3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_010111.html

Question 97

Report
Export
Collapse

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

A.

It allows the endpoint to authenticate with 802.1x or MAB.

A.

It allows the endpoint to authenticate with 802.1x or MAB.

Answers
B.

It verifies that the endpoint has the latest Microsoft security patches installed.

B.

It verifies that the endpoint has the latest Microsoft security patches installed.

Answers
C.

It adds endpoints to identity groups dynamically.

C.

It adds endpoints to identity groups dynamically.

Answers
D.

It allows CoA to be applied if the endpoint status is compliant.

D.

It allows CoA to be applied if the endpoint status is compliant.

Answers
Suggested answer: A

Question 98

Report
Export
Collapse

Which IPS engine detects ARP spoofing?

A.

Atomic ARP Engine

A.

Atomic ARP Engine

Answers
B.

Service Generic Engine

B.

Service Generic Engine

Answers
C.

ARP Inspection Engine

C.

ARP Inspection Engine

Answers
D.

AIC Engine

D.

AIC Engine

Answers
Suggested answer: A

Question 99

Report
Export
Collapse

What is a characteristic of Dynamic ARP Inspection?

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

Answers
B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

Answers
C.

DAI associates a trust state with each switch.

C.

DAI associates a trust state with each switch.

Answers
D.

DAI intercepts all ARP requests and responses on trusted ports only.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Answers
Suggested answer: A

Question 100

Report
Export
Collapse

What is a characteristic of traffic storm control behavior?

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Answers
B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

Answers
C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Answers
D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Answers
Suggested answer: A
Total 631 questions
Go to page: of 64
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms