ExamGecko
Search Search Login
Home Home / Cisco / 350-701

Cisco 350-701 Practice Test - Questions Answers, Page 21

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
What is a characteristic of Firepower NGIPS inline deployment mode?
Which ASA deployment mode can provide separation of management on a shared appliance?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)

Question 201

Report
Export
Collapse

An organization is implementing URL blocking using Cisco Umbrell a. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

Answers
B.

IP-Layer Enforcement is not configured.

B.

IP-Layer Enforcement is not configured.

Answers
C.

Client computers do not have an SSL certificate deployed from an internal CA server.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

Answers
D.

Intelligent proxy and SSL decryption is disabled in the policy

D.

Intelligent proxy and SSL decryption is disabled in the policy

Answers
Suggested answer: A

Explanation:

Other features are dependent on SSL Decryption functionality, which requires the Cisco Umbrella root certificate. Having the SSL Decryption feature improves:

Custom URL Blocking—Required to block the HTTPS version of a URL.

…U mbrella's Block Page and Block Page Bypass features present an SSL certificate to browsers that make connections to HTTPS sites. This SSL certificate matches the requested site but will be signed by the Cisco Umbrella certificate authority (CA). If the CA is not trusted by your browser, an error page may be displayed.

Typical errors include "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error page is expected, the message displayed can be confusing and you may wish to prevent it from appearing.

To avoid these error pages, install the Cisco Umbrella root certificate into your browser or the browsers of your users—if you're a network admin.

Reference: https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-importinformation

Question 202

Report
Export
Collapse

Which two aspects of the cloud PaaS model are managed by the customer but not the provider?

(Choose two)

A.

virtualization

A.

virtualization

Answers
B.

middleware

B.

middleware

Answers
C.

operating systems

C.

operating systems

Answers
D.

applications

D.

applications

Answers
E.

data

E.

data

Answers
Suggested answer: D, E

Explanation:

Customers must manage applications and data in PaaS.

Question 203

Report
Export
Collapse

What is an attribute of the DevSecOps process?

A.

mandated security controls and check lists

A.

mandated security controls and check lists

Answers
B.

security scanning and theoretical vulnerabilities

B.

security scanning and theoretical vulnerabilities

Answers
C.

development security

C.

development security

Answers
D.

isolated security team

D.

isolated security team

Answers
Suggested answer: C

Explanation:

DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/

continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

Three key things make a real DevSecOps environment:

+ Security testing is done by the development team.

+ Issues found during that testing is managed by the development team.

+ Fixing those issues stays within the development team.

Question 204

Report
Export
Collapse

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

A.

Bridge Protocol Data Unit guard

A.

Bridge Protocol Data Unit guard

Answers
B.

embedded event monitoring

B.

embedded event monitoring

Answers
C.

storm control

C.

storm control

Answers
D.

access control lists

D.

access control lists

Answers
Suggested answer: C

Explanation:

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.

By using the "storm-control broadcast level [falling-threshold]" we can limit the broadcast traffic on the switch.

Question 205

Report
Export
Collapse

Which two cryptographic algorithms are used with IPsec? (Choose two)

A.

AES-BAC

A.

AES-BAC

Answers
B.

AES-ABC

B.

AES-ABC

Answers
C.

HMAC-SHA1/SHA2

C.

HMAC-SHA1/SHA2

Answers
D.

Triple AMC-CBC

D.

Triple AMC-CBC

Answers
E.

AES-CBC

E.

AES-CBC

Answers
Suggested answer: C, E

Explanation:

Cryptographic algorithms defined for use with IPsec include:

+ HMAC-SHA1/SHA2 for integrity protection and authenticity.

+ TripleDES-CBC for confidentiality

+ AES-CBC and AES-CTR for confidentiality.

+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.

Question 206

Report
Export
Collapse

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A.

LDAP injection

A.

LDAP injection

Answers
B.

man-in-the-middle

B.

man-in-the-middle

Answers
C.

cross-site scripting

C.

cross-site scripting

Answers
D.

insecure API

D.

insecure API

Answers
Suggested answer: B

Question 207

Report
Export
Collapse

Which Dos attack uses fragmented packets to crash a target machine?

A.

smurf

A.

smurf

Answers
B.

MITM

B.

MITM

Answers
C.

teardrop

C.

teardrop

Answers
D.

LAND

D.

LAND

Answers
Suggested answer: C

Explanation:

A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

Question 208

Report
Export
Collapse

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A.

to prevent theft of the endpoints

A.

to prevent theft of the endpoints

Answers
B.

because defense-in-depth stops at the network

B.

because defense-in-depth stops at the network

Answers
C.

to expose the endpoint to more threats

C.

to expose the endpoint to more threats

Answers
D.

because human error or insider threats will still exist

D.

because human error or insider threats will still exist

Answers
Suggested answer: D

Question 209

Report
Export
Collapse

Which type of API is being used when a security application notifies a controller within a softwaredefined network architecture about a specific security threat?

A.

westbound AP

A.

westbound AP

Answers
B.

southbound API

B.

southbound API

Answers
C.

northbound API

C.

northbound API

Answers
D.

eastbound API

D.

eastbound API

Answers
Suggested answer: C

Question 210

Report
Export
Collapse

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A.

Multiple routers or VRFs are required.

A.

Multiple routers or VRFs are required.

Answers
B.

Traffic is distributed statically by default.

B.

Traffic is distributed statically by default.

Answers
C.

Floating static routes are required.

C.

Floating static routes are required.

Answers
D.

HSRP is used for faliover.

D.

HSRP is used for faliover.

Answers
Suggested answer: B
Total 631 questions
Go to page: of 64
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms