
Cisco 350-701 Practice Test - Questions Answers, Page 24


Question 231


What is the role of an endpoint in protecting a user from a phishing attack?

A. Use Cisco Stealthwatch and Cisco ISE Integration.

B. Utilize 802.1X network security to ensure unauthorized access to resources.

C. Use machine learning models to help identify anomalies and determine expected sending behavior.

D. Ensure that antivirus and anti-malware software is up to date.

Suggested answer: C
asked 10/10/2024
Sathiyaraj Arulprakasam

Question 232


An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A. Set content settings to High

B. Configure the intelligent proxy.

C. Use destination block lists.

D. Configure application block lists.

Suggested answer: B
Explanation:

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.

Reference: https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy

asked 10/10/2024
Sergey Aleksandrov

Question 233


With which components does a southbound API within a software-defined network architecture communicate?

A. controllers within the network

B. applications

C. appliances

D. devices such as routers and switches

Suggested answer: D
Explanation:


The Southbound API is used to communicate between Controllers and network devices.

asked 10/10/2024
OKAN AYDOĞAN

Question 234


A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

A. a Network Discovery policy to receive data from the host

B. a Threat Intelligence policy to download the data from the host

C. a File Analysis policy to send file data into Cisco Firepower

D. a Network Analysis policy to receive NetFlow data from the host

Suggested answer: A
Explanation:

You can configure discovery rules to tailor the discovery of host and application data to your needs.

The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map.

A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt -> Answer D is not correct.

asked 10/10/2024
Salvatore Andrisani

Question 235


When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command is used for.

What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A. The key server that is managing the keys for the connection will be at 1.2.3.4

B. The remote connection will only be allowed from 1.2.3.4

C. The address that will be used as the crypto validation authority

D. All IP addresses other than 1.2.3.4 will be allowed

Suggested answer: B
Explanation:

The command crypto isakmp key cisco address 1.2.3.4 authenticates the IP address of the 1.2.3.4 peer by using the key cisco. The address of "0.0.0.0" will authenticate any address with this key.

asked 10/10/2024
sushma kc

Question 236


Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A. file access from a different user

B. interesting file access

C. user login suspicious behavior

D. privilege escalation

Suggested answer: C
Explanation:

The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:

+ Shell code execution: Looks for the patterns used by shell code.

+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.

+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.

+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).

+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.

+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.

+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.

+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.

Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetrationanalytics/whitepaper-c11-740380.html

asked 10/10/2024
Cintron, Rigoberto

Question 237


Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.

B. Use EEM to have the ports return to service automatically in less than 300 seconds.

C. Enter the shutdown and no shutdown commands on the interfaces.

D. Enable the snmp-server enable traps command and wait 300 seconds

E. Ensure that interfaces are configured with the error-disable detection and recovery feature

Suggested answer: C, E
Explanation:

You can also bring up the port by using these commands:

+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.

+ The "errdisable recovery cause …" global configuration command enables the timer to automatically recover from the error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover from the error-disabled state.

asked 10/10/2024
Timothy Brown

Question 238


What is the difference between Cross-site Scripting and SQL Injection attacks?

A. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

C. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Suggested answer: A
Explanation:

Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.

Answer C is not correct because the statement "Cross-site Scripting is when executives in a corporation are attacked" is not true. XSS is a client-side vulnerability that targets other application users.

Answer D is not correct because the statement "Cross-site Scripting is an attack where code is executed from the server side" is not true. In fact, XSS is a method that exploits a website vulnerability by injecting scripts that will run on the client side.

Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.

Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

asked 10/10/2024
Praveen Achankunju

Question 239


A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

A. Adaptive Network Control Policy List

B. Context Visibility

C. Accounting Reports

D. RADIUS Live Logs

Suggested answer: D
Explanation:

How To Troubleshoot ISE Failed Authentications & Authorizations

Check the ISE Live Logs

+ Log in to the primary ISE Policy Administration Node (PAN).

+ Go to Operations > RADIUS > Live Logs.

+ (Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications.

Check for Any Failed Authentication Attempts in the Log


Reference: https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-faile-dauthenticationsamp/ta-p/3630960

asked 10/10/2024
Tom Bodett

Question 240


What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A. Place the Cisco ISE server and the AD server in the same subnet

B. Configure a common administrator account

C. Configure a common DNS server

D. Synchronize the clocks of the Cisco ISE server and the AD server

Suggested answer: D
Explanation:

The following are the prerequisites to integrate Active Directory with Cisco ISE.

+ Use the Network Time Protocol (NTP) server settings to synchronize the time between the Cisco ISE server and Active Directory. You can configure NTP settings from Cisco ISE CLI.

+ If your Active Directory structure has a multidomain forest or is divided into multiple forests, ensure that trust relationships exist between the domain to which Cisco ISE is connected and the other domains that have user and machine information to which you need access. For more information on establishing trust relationships, refer to Microsoft Active Directory documentation.

+ You must have at least one global catalog server operational and accessible by Cisco ISE, in the domain to which you are joining Cisco ISE.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html#reference_8DC463597A644A5C9CF5D582B77BB24F

asked 10/10/2024
Cristian Pernia