ExamGecko
Search Search Login
Home Home / Cisco / 350-701

Cisco 350-701 Practice Test - Questions Answers, Page 31

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
What is a characteristic of Firepower NGIPS inline deployment mode?
Which ASA deployment mode can provide separation of management on a shared appliance?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Question 301

Report
Export
Collapse

Which parameter is required when configuring a Netflow exporter on a Cisco Router?

A.

DSCP value

A.

DSCP value

Answers
B.

Source interface

B.

Source interface

Answers
C.

Exporter name

C.

Exporter name

Answers
D.

Exporter description

D.

Exporter description

Answers
Suggested answer: C

Explanation:

An example of configuring a NetFlow exporter is shown below: flow exporter Exporter destination 192.168.100.22 transport udp 2055

Question 302

Report
Export
Collapse

Which category includes DoS Attacks?

A.

Virus attacks

A.

Virus attacks

Answers
B.

Trojan attacks

B.

Trojan attacks

Answers
C.

Flood attacks

C.

Flood attacks

Answers
D.

Phishing attacks

D.

Phishing attacks

Answers
Suggested answer: C

Question 303

Report
Export
Collapse

What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

A.

It provides spoke-to-spoke communications without traversing the hub

A.

It provides spoke-to-spoke communications without traversing the hub

Answers
B.

It allows different routing protocols to work over the tunnel

B.

It allows different routing protocols to work over the tunnel

Answers
C.

It allows customization of access policies based on user identity

C.

It allows customization of access policies based on user identity

Answers
D.

It allows multiple sites to connect to the data center

D.

It allows multiple sites to connect to the data center

Answers
E.

It enables VPN access for individual users from their machines

E.

It enables VPN access for individual users from their machines

Answers
Suggested answer: C, E

Question 304

Report
Export
Collapse

When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?

A.

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

A.

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

Answers
B.

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

B.

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

Answers
C.

DH is a symmetric key establishment algorithm intended to output asymmetric keys

C.

DH is a symmetric key establishment algorithm intended to output asymmetric keys

Answers
D.

DH is on asymmetric key establishment algorithm intended to output symmetric keys

D.

DH is on asymmetric key establishment algorithm intended to output symmetric keys

Answers
Suggested answer: D

Explanation:

Diffie Hellman (DH) uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm – it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.

Question 305

Report
Export
Collapse

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

A.

Malware installation

A.

Malware installation

Answers
B.

Command-and-control communication

B.

Command-and-control communication

Answers
C.

Network footprinting

C.

Network footprinting

Answers
D.

Data exfiltration

D.

Data exfiltration

Answers
Suggested answer: D

Explanation:

Malware installation: This may be done by hijacking DNS queries and responding with malicious IP addresses.

Command & Control communication: As part of lateral movement, after an initial compromise, DNS communications is abused to communicate with a C2 server. This typically involves making periodic DNS queries from a computer in the target network for a domain controlled by the adversary. The responses contain encoded messages that may be used to perform unauthorized actions in the target network.

Network footprinting: Adversaries use DNS queries to build a map of the network. Attackers live off the terrain so developing a map is important to them.

Data theft (exfiltration): Abuse of DNS to transfer data; this may be performed by tunneling other protocols like FTP, SSH through DNS queries and responses. Attackers make multiple DNS queries from a compromised computer to a domain owned by the adversary. DNS tunneling can also be used for executing commands and transferring malware into the target network.

Reference: https://www.netsurion.com/articles/5-types-of-dns-attacks-and-how-to-detect-them

Question 306

Report
Export
Collapse

What is a difference between GETVPN and IPsec?

A.

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

A.

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

Answers
B.

GETVPN provides key management and security association management

B.

GETVPN provides key management and security association management

Answers
C.

GETVPN is based on IKEv2 and does not support IKEv1

C.

GETVPN is based on IKEv2 and does not support IKEv1

Answers
D.

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

D.

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Answers
Suggested answer: C

Question 307

Report
Export
Collapse

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

A.

Telemetry uses a pull mehod, which makes it more reliable than SNMP

A.

Telemetry uses a pull mehod, which makes it more reliable than SNMP

Answers
B.

Telemetry uses push and pull, which makes it more scalable than SNMP

B.

Telemetry uses push and pull, which makes it more scalable than SNMP

Answers
C.

Telemetry uses push and pull which makes it more secure than SNMP

C.

Telemetry uses push and pull which makes it more secure than SNMP

Answers
D.

Telemetry uses a push method which makes it faster than SNMP

D.

Telemetry uses a push method which makes it faster than SNMP

Answers
Suggested answer: D

Explanation:

SNMP polling can often be in the order of 5-10 minutes, CLIs are unstructured and prone to change which can often break scripts.

The traditional use of the pull model, where the client requests data from the network does not scale when what you want is near real-time data.

Moreover, in some use cases, there is the need to be notified only when some data changes, like interfaces status, protocol neighbors change etc.

Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Referfence: https:// developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-startguide/ streaming telemetry

Question 308

Report
Export
Collapse

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?

A.

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not

A.

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not

Answers
B.

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

B.

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

Answers
C.

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

C.

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

Answers
D.

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

D.

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

Answers
Suggested answer: C

Question 309

Report
Export
Collapse

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

A.

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

A.

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

Answers
B.

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

B.

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

Answers
C.

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

C.

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

Answers
D.

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

D.

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Answers
Suggested answer: A

Question 310

Report
Export
Collapse

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for

CDP or DHCP are not. What should the administrator do to address this issue?

A.

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

A.

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

Answers
B.

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

B.

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

Answers
C.

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

C.

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

Answers
D.

Configure the device sensor feature within the switch to send the appropriate protocol information

D.

Configure the device sensor feature within the switch to send the appropriate protocol information

Answers
Suggested answer: D

Explanation:

Device sensor is a feature of access devices. It allows to collect information about connected endpoints. Mostly, information collected by Device Sensor can come from the following protocols:

+ Cisco Discovery Protocol (CDP)

+ Link Layer Discovery Protocol (LLDP)

+ Dynamic Host Configuration Protocol (DHCP)

Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-ConfigureDevice-Sensor-for-ISE-Profilin.html

Total 631 questions
Go to page: of 64
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms