Cisco 350-701 Practice Test - Questions Answers, Page 37
Question list
List of questions
Related questions
What is the function of the Python script code snippet for the Cisco ASA REST API?
adds a global rule into policies
changes the hostname of the Cisco ASA
deletes a global rule from policies
obtains the saved configuration of the Cisco ASA firewall
An engineer must modify a policy to block specific addresses using Cisco Umbrell a. The policy is created already and is actively u: of the default policy elements. What else must be done to accomplish this task?
Add the specified addresses to the identities list and create a block action.
Create a destination list for addresses to be allowed or blocked.
Use content categories to block or allow specific addresses.
Modify the application settings to allow only applications to connect to required addresses.
An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?
L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.
L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.
GRE over IPsec adds its own header, and L2TP does not.
GRE over IPsec cannot be used as a standalone protocol, and L2TP can.
What is a benefit of using a multifactor authentication strategy?
It provides visibility into devices to establish device trust.
It provides secure remote access for applications.
It provides an easy, single sign-on experience against multiple applications
lt protects data by enabling the use of a second validation of identity.
A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization.
While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?
Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.
Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)
Cisco Umbrella
Cisco ISE
Cisco DNA Center
Cisco TrustSec
Cisco Duo Security
Which role is a default guest type in Cisco ISE?
Monthly
Yearly
Contractor
Full-Time
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)
Cisco Cloud Director
Cisco Prime Infrastructure
PowerOn Auto Provisioning
Seed IP
CDP AutoDiscovery
Refer to the exhibit.
All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication and the file server?
Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabrtEthernet0/4 as isolated ports
Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports
Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports
Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports
Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?
Only URLs for botnets with reputation scores of 1-3 will be blocked.
Only URLs for botnets with a reputation score of 3 will be blocked.
Only URLs for botnets with reputation scores of 3-5 will be blocked.
Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.
Question