ExamGecko
Search Search Login
Home Home / Cisco / 350-701

Cisco 350-701 Practice Test - Questions Answers, Page 32

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
What is a characteristic of Firepower NGIPS inline deployment mode?
Which ASA deployment mode can provide separation of management on a shared appliance?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Question 311

Report
Export
Collapse

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

Answers
B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

Answers
C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

Answers
D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

Answers
Suggested answer: B

Explanation:

The Stealthwatch Cloud Private Network Monitoring (PNM) Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. –VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems.

Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf

Question 312

Report
Export
Collapse

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Answers
B.

Set the tunnel to go through the Cisco FTD

B.

Set the tunnel to go through the Cisco FTD

Answers
C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

Answers
D.

Set the tunnel port to 8305

D.

Set the tunnel port to 8305

Answers
Suggested answer: A

Explanation:

The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305.

Cisco strongly recommends that you keep the default settings for the remote management port, but if the management port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmcftd-mgmtnw.html

Question 313

Report
Export
Collapse

Which service allows a user export application usage and performance statistics with Cisco Application Visibility and control?

A.

SNORT

A.

SNORT

Answers
B.

NetFlow

B.

NetFlow

Answers
C.

SNMP

C.

SNMP

Answers
D.

802.1X

D.

802.1X

Answers
Suggested answer: B

Explanation:

Application Visibility and control (AVC) supports NetFlow to export application usage and performance statistics. This data can be used for analytics, billing, and security policies.

Question 314

Report
Export
Collapse

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A.

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

A.

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

Answers
B.

The file being uploaded is incompatible with simple detections and must use advanced detections

B.

The file being uploaded is incompatible with simple detections and must use advanced detections

Answers
C.

The hash being uploaded is part of a set in an incorrect format

C.

The hash being uploaded is part of a set in an incorrect format

Answers
D.

The engineer is attempting to upload a file instead of a hash

D.

The engineer is attempting to upload a file instead of a hash

Answers
Suggested answer: A

Question 315

Report
Export
Collapse

Refer to the exhibit.

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access.

Most PCs and IP phones can connect and authenticate using their machine certificate credentials.

However printer and video cameras cannot base d on the interface configuration provided, what must be to get these devices on to the network using Cisco ISE for authentication and authorization while maintaining security controls?

A.

Change the default policy in Cisco ISE to allow all devices not using machine authentication .

A.

Change the default policy in Cisco ISE to allow all devices not using machine authentication .

Answers
B.

Enable insecure protocols within Cisco ISE in the allowed protocols configuration.

B.

Enable insecure protocols within Cisco ISE in the allowed protocols configuration.

Answers
C.

Configure authentication event fail retry 2 action authorize vlan 41 on the interface

C.

Configure authentication event fail retry 2 action authorize vlan 41 on the interface

Answers
D.

Add mab to the interface configuration.

D.

Add mab to the interface configuration.

Answers
Suggested answer: D

Question 316

Report
Export
Collapse

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source- interface command needed for this configuration?

A.

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

A.

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

Answers
B.

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

B.

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

Answers
C.

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

C.

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

Answers
D.

Encrypted RADIUS authentication requires the RADIUS source interface be defined

D.

Encrypted RADIUS authentication requires the RADIUS source interface be defined

Answers
Suggested answer: A

Question 317

Report
Export
Collapse

A customer has various external HTTP resources available including Intranet. Extranet, and Internet,with a proxy configuration running in explicit mode Which method allows the client desktopbrowsers to be configured to select when to connect direct or when to use the proxy?

A.

Transparent mode

A.

Transparent mode

Answers
B.

Forward file

B.

Forward file

Answers
C.

PAC file

C.

PAC file

Answers
D.

Bridge mode

D.

Bridge mode

Answers
Suggested answer: C

Question 318

Report
Export
Collapse

Refer to the exhibit. What does this Python script accomplish?

A.

It allows authentication with TLSv1 SSL protocol

A.

It allows authentication with TLSv1 SSL protocol

Answers
B.

It authenticates to a Cisco ISE with an SSH connection.

B.

It authenticates to a Cisco ISE with an SSH connection.

Answers
C.

lt authenticates to a Cisco ISE server using the username of ersad

C.

lt authenticates to a Cisco ISE server using the username of ersad

Answers
D.

It lists the LDAP users from the external identity store configured on Cisco ISE

D.

It lists the LDAP users from the external identity store configured on Cisco ISE

Answers
Suggested answer: C

Question 319

Report
Export
Collapse

Which system facilitates deploying microsegmentation and multi-tenancy services with a policyQuestions & Answers PDF P-174 based container?

A.

SDLC

A.

SDLC

Answers
B.

Docker

B.

Docker

Answers
C.

Lambda

C.

Lambda

Answers
D.

Contiv

D.

Contiv

Answers
Suggested answer: B

Question 320

Report
Export
Collapse

Which feature is leveraged by advanced antimalware capabilities to be an effective endpomt protection platform?

A.

big data

A.

big data

Answers
B.

storm centers

B.

storm centers

Answers
C.

sandboxing

C.

sandboxing

Answers
D.

blocklisting

D.

blocklisting

Answers
Suggested answer: C
Total 631 questions
Go to page: of 64
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms