
Cisco 350-701 Practice Test - Questions Answers, Page 27

What is a function of 3DES in reference to cryptography?

A. It hashes files.

B. It creates one-time use passwords.

C. It encrypts traffic.

D. It generates private keys.

Suggested answer: C

Which risk is created when using an Internet browser to access a cloud-based service?

A. misconfiguration of infrastructure, which allows unauthorized access

B. intermittent connection to the cloud connectors

C. vulnerabilities within protocol

D. insecure implementation of API

Suggested answer: D

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

A. deliver and send copies to other recipients

B. quarantine and send a DLP violation notification

C. quarantine and alter the subject header with a DLP violation

D. deliver and add disclaimer text

Suggested answer: D

Explanation:

You specify primary and secondary actions that the appliance will take when it detects a possible DLP violation in an outgoing message. Different actions can be assigned for different violation types and severities.

Primary actions include:

– Deliver

– Drop

– Quarantine

Secondary actions include:

– Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations. When you release the copy from the quarantine, the appliance delivers the copy to the recipient, who will have already received the original message.

– Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers.

– Altering the subject header of messages containing a DLP violation.

– Adding disclaimer text to messages.

– Sending messages to an alternate destination mailhost.

– Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical DLP violations to a compliance officer's mailbox for examination.)

– Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP compliance officer.

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A. configure manager add DONTRESOLVE <registration key>

B. configure manager add <FMC IP address> <registration key> 16

C. configure manager add DONTRESOLVE <registration key> FTD123

D. configure manager add <FMC IP address> <registration key>

Suggested answer: D

Explanation:

To let the FMC manage the FTD, first add the manager on the FTD and assign a registration key of your choice. The command is configure manager add 1.1.1.2 the_registration_key_you_want, where 1.1.1.2 is the IP address of the FMC. You must use the same registration key in the FMC when adding this FTD as a managed device.

Reference: https://cyruslab.net/2019/09/03/ciscocisco-firepower-lab-setup/

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

A. It forwards the packet after validation by using the MAC Binding Table.

B. It drops the packet after validation by using the IP & MAC Binding Table.

C. It forwards the packet without validation.

D. It drops the packet without validation.

Suggested answer: B

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

A. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

C. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

D. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

Suggested answer: A

What is a benefit of performing device compliance?

A. Verification of the latest OS patches

B. Device classification and authorization

C. Providing multi-factor authentication

D. Providing attribute-driven policies

Suggested answer: A

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A. Hybrid

B. Community

C. Private

D. Public

Suggested answer: B

Explanation:

A community cloud allows systems and services to be accessible by a group of organizations. It shares the infrastructure between several organizations from a specific community. It may be managed internally by the organizations or by a third party.

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A. IKEv1

B. AH

C. ESP

D. IKEv2

Suggested answer: C

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?

A. Cisco Cloudlock

B. Cisco Cloud Email Security

C. Cisco Firepower Next-Generation Firewall

D. Cisco Umbrella

Suggested answer: A

Explanation:

Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security Broker (CASB) and cloud cybersecurity platform.

Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-websecurity/at-a-glance-c45-738565.pdf

Total 631 questions