Cisco 350-701 Practice Test - Questions Answers, Page 33
Question list
List of questions
Related questions
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
Cisco Stealthwatch Cloud
Cisco Umbrella
NetFlow collectors
Cisco Cloudlock
What is the difference between a vulnerability and an exploit?
A vulnerability is a hypothetical event for an attacker to exploit
A vulnerability is a weakness that can be exploited by an attacker
An exploit is a weakness that can cause a vulnerability in the network
An exploit is a hypothetical event that causes a vulnerability in the network
Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?
deployment
consumption
authoring
sharing
An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1 1 11 using the flow record Stea!thwatch406397954 command Which additional command is required to complete the flow record?
transport udp 2055
match ipv4 ttl
cache timeout active 60
destination 1.1.1.1
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
Cisco Tetration
Cisco ISE?
Cisco AMP for Network
Cisco AnyConnect
How is data sent out to the attacker during a DNS tunneling attack?
as part of the UDP/53 packet payload
as part of the domain name
as part of the TCP/53 packet header
as part of the DNS response packet
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE
Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.
Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures The configuration is created in the simple detection policy section, but it does not work What is the reason for this failure?
The administrator must upload the file instead of the hash for Cisco AMP to use.
The MD5 hash uploaded to the simple detection policy is in the incorrect format
The APK must be uploaded for the application that the detection is intended
Detections for MD5 signatures must be configured in the advanced custom detection policies
An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?
Platform as a Service because the customer manages the operating system
Infrastructure as a Service because the customer manages the operating system
Platform as a Service because the service provider manages the operating system
Infrastructure as a Service because the service provider manages the operating system
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?
Change the IP address of the new Cisco ISE node to the same network as the others.
Make the new Cisco ISE node a secondary PAN before registering it with the primary.
Open port 8905 on the firewall between the Cisco ISE nodes
Add the DNS entry for the new Cisco ISE node into the DNS server
Question