ExamGecko
Login
Home / Cisco / 350-701 / List of questions
Ask Question

Cisco 350-701 Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report Export Collapse

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

RSA SecureID

RSA SecureID

Internal Database

Internal Database

Active Directory

Active Directory

LDAP

LDAP

Suggested answer: C
asked 10/10/2024
Simon Merlin AGHOKENG
48 questions

Question 92

Report Export Collapse

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17- 010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransom ware infection? (Choose two)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Suggested answer: A, C
Explanation:

A posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements >

Conditions > File.

In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware.

Cisco 350-701 image Question 92 explanation 117313 10102024233051000000

asked 10/10/2024
EDUARDO LEE
44 questions

Question 93

Report Export Collapse

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

RADIUS Change of Authorization

RADIUS Change of Authorization

device tracking

device tracking

DHCP snooping

DHCP snooping

VLAN hopping

VLAN hopping

Suggested answer: A
asked 10/10/2024
Frans Gafane
36 questions

Question 94

Report Export Collapse

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?

(Choose two)

multiple factor auth

multiple factor auth

local web auth

local web auth

single sign-on

single sign-on

central web auth

central web auth

TACACS+

TACACS+

Suggested answer: B, D
asked 10/10/2024
Massimiliano Parisi
45 questions

Question 95

Report Export Collapse

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

Windows service

Windows service

computer identity

computer identity

user identity

user identity

Windows firewall

Windows firewall

default browser

default browser

Suggested answer: A, D
asked 10/10/2024
Avtandili Tsagareishvili
47 questions

Question 96

Report Export Collapse

Which compliance status is shown when a configured posture policy requirement is not met?

compliant

compliant

unknown

unknown

authorized

authorized

noncompliant

noncompliant

Suggested answer: D
Explanation:

Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.

A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems.

Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies.

+ If a mandatory requirement fails, the user will be moved to Non-Compliant state + If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-

3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_010111.html

asked 10/10/2024
Hammad Chandio
36 questions

Question 97

Report Export Collapse

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

It allows the endpoint to authenticate with 802.1x or MAB.

It allows the endpoint to authenticate with 802.1x or MAB.

It verifies that the endpoint has the latest Microsoft security patches installed.

It verifies that the endpoint has the latest Microsoft security patches installed.

It adds endpoints to identity groups dynamically.

It adds endpoints to identity groups dynamically.

It allows CoA to be applied if the endpoint status is compliant.

It allows CoA to be applied if the endpoint status is compliant.

Suggested answer: A
asked 10/10/2024
SoftwareONE Deutschland GmbH
36 questions

Question 98

Report Export Collapse

Which IPS engine detects ARP spoofing?

Atomic ARP Engine

Atomic ARP Engine

Service Generic Engine

Service Generic Engine

ARP Inspection Engine

ARP Inspection Engine

AIC Engine

AIC Engine

Suggested answer: A
asked 10/10/2024
Tim Wersinger
46 questions

Question 99

Report Export Collapse

What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

DAI associates a trust state with each switch.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only.

DAI intercepts all ARP requests and responses on trusted ports only.

Suggested answer: A
asked 10/10/2024
Sharankumar Nadarajah
42 questions

Question 100

Report Export Collapse

What is a characteristic of traffic storm control behavior?

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Traffic storm control cannot determine if the packet is unicast or broadcast.

Traffic storm control cannot determine if the packet is unicast or broadcast.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Suggested answer: A
asked 10/10/2024
Marcin Golec
38 questions
Total 631 questions
Go to page: of 64
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
How is Cisco Umbrella configured to log only security events?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
DRAG DROP Refer to the exhibit. An engineer must configure a Cisco switch to perform PPP authentication via a TACACS server located at IP address 10.1.1.10. Authentication must fall back to the local database using the username LocalUser and password C1Sc0451069341l if the TACACS server is unreachable. Drag and drop the commands from the left onto the corresponding configuration steps on the right.
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
Which compliance status is shown when a configured posture policy requirement is not met?
A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.