Cisco 350-701 Practice Test - Questions Answers, Page 19

Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)

A. URLs
B. protocol IDs
C. IP addresses
D. MAC addresses
E. port numbers

Suggested answer: A, C

Explanation:

Security Intelligence Sources

Custom Block lists or feeds (or objects or groups): Block specific IP addresses, URLs, or domain names using a manually created list or feed (for IP addresses, you can also use network objects or groups).

For example, if you become aware of malicious sites or addresses that are not yet blocked by a feed, add these sites to a custom Security Intelligence list and add this custom list to the Block list in the Security Intelligence tab of your access control policy.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmcconfigguide-v623/security_intelligence_blacklisting.html

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure

Suggested answer: C

Explanation:

A posture policy is a collection of posture requirements, which are associated with one or more identity groups and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.

In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the WannaCry malware; we can also configure ISE to update the client with this patch.

What are two benefits of Flexible NetFlow records? (Choose two)

A. They allow the user to configure flow information to perform customized traffic identification
B. They provide attack prevention by dropping the traffic
C. They provide accounting and billing enhancements
D. They converge multiple accounting technologies into one accounting mechanism
E. They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Suggested answer: A, D

Explanation:

NetFlow is typically used for several key customer applications, including the following:

Billing and accounting: NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/fnffnetflow.html

If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a user-defined (custom) record using the Flexible NetFlow collect and match commands.

Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.

Reference: https://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413d9.html#wp1057997

Note: Traditional NetFlow allows us to monitor from Layer 2 to 4, but Flexible NetFlow goes beyond these layers.

How does DNS Tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client's system and install malware on it.
C. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.
D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

Suggested answer: A

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. phishing
B. slowloris
C. pharming
D. SYN flood

Suggested answer: D

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A. Configure the Cisco ESA to drop the malicious emails
B. Configure policies to quarantine malicious emails
C. Configure policies to stop and reject communication
D. Configure the Cisco ESA to reset the TCP connection

Suggested answer: D

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A. permit
B. trust
C. reset
D. allow
E. monitor

Suggested answer: B, E

Explanation:

Each rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic.

Note: With the "trust" action, Firepower performs no further inspection on the traffic: no intrusion policy and no file policy are applied to it.


An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

A. mirror port
B. Flow
C. NetFlow
D. VPC flow logs

Suggested answer: C

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A. Configure incoming content filters
B. Use Bounce Verification
C. Configure Directory Harvest Attack Prevention
D. Bypass LDAP access queries in the recipient access table

Suggested answer: C

Explanation:

A Directory Harvest Attack (DHA) is a technique used by spammers to find valid (existent) email addresses at a domain, either by brute force or by guessing valid email addresses at the domain using different permutations of common usernames. It is easy for attackers to get hold of a valid email address if your organization uses a standard format for official email aliases (for example: [email protected]). We can configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.

Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here is an LDAP search translated into plain English: "Search for all people located in Chicago whose name contains 'Fred' and who have an email address. Please return their full name, email, title, and description."

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A. Multiple NetFlow collectors are supported
B. Advanced NetFlow v9 templates and legacy v5 formatting are supported
C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure
D. Flow-create events are delayed

Suggested answer: B

Explanation:

The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide the following major functions: ... Delays the export of flow-create events.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.pdf

