ExamGecko
Search Search Login
Home Home / Cisco / 350-701

Cisco 350-701 Practice Test - Questions Answers, Page 5

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
What is a characteristic of Dynamic ARP Inspection?
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

Question 41

Report
Export
Collapse

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

A.

health policy

A.

health policy

Answers
B.

system policy

B.

system policy

Answers
C.

correlation policy

C.

correlation policy

Answers
D.

access control policy

D.

access control policy

Answers
E.

health awareness policy

E.

health awareness policy

Answers
Suggested answer: A

Question 42

Report
Export
Collapse

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A.

control

A.

control

Answers
B.

malware

B.

malware

Answers
C.

URL filtering

C.

URL filtering

Answers
D.

protect

D.

protect

Answers
Suggested answer: D

Question 43

Report
Export
Collapse

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?

(Choose two)

A.

Port

A.

Port

Answers
B.

Rule

B.

Rule

Answers
C.

Source

C.

Source

Answers
D.

Application

D.

Application

Answers
E.

Protocol

E.

Protocol

Answers
Suggested answer: B, C

Question 44

Report
Export
Collapse

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A.

quality of service

A.

quality of service

Answers
B.

time synchronization

B.

time synchronization

Answers
C.

network address translations

C.

network address translations

Answers
D.

intrusion policy

D.

intrusion policy

Answers
Suggested answer: B

Question 45

Report
Export
Collapse

Which information is required when adding a device to Firepower Management Center?

A.

username and password

A.

username and password

Answers
B.

encryption method

B.

encryption method

Answers
C.

device serial number

C.

device serial number

Answers
D.

registration key

D.

registration key

Answers
Suggested answer: D

Question 46

Report
Export
Collapse

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

A.

transparent mode

A.

transparent mode

Answers
B.

routed mode

B.

routed mode

Answers
C.

inline mode

C.

inline mode

Answers
D.

active mode

D.

active mode

Answers
E.

passive monitor-only mode

E.

passive monitor-only mode

Answers
Suggested answer: C, D

Explanation:

You can configure your ASA FirePOWER module using one of the following deployment models:

You can configure your ASA FirePOWER module in either an inline or a monitor-only (inline tap or passive) deployment.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/asdm72/firewall/asafirewall-asdm/modules-sfr.html

Question 47

Report
Export
Collapse

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

A.

Certificate Trust List

A.

Certificate Trust List

Answers
B.

Endpoint Trust List

B.

Endpoint Trust List

Answers
C.

Enterprise Proxy Service

C.

Enterprise Proxy Service

Answers
D.

Secured Collaboration Proxy

D.

Secured Collaboration Proxy

Answers
Suggested answer: A

Question 48

Report
Export
Collapse

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

Answers
B.

A sysopt command can be used to enable NSEL on a specific interface.

B.

A sysopt command can be used to enable NSEL on a specific interface.

Answers
C.

NSEL can be used without a collector configured.

C.

NSEL can be used without a collector configured.

Answers
D.

A flow-export event type must be defined under a policy

D.

A flow-export event type must be defined under a policy

Answers
Suggested answer: D

Question 49

Report
Export
Collapse

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A.

multiple context mode

A.

multiple context mode

Answers
B.

user deployment of Layer 3 networks

B.

user deployment of Layer 3 networks

Answers
C.

IPv6

C.

IPv6

Answers
D.

clustering

D.

clustering

Answers
Suggested answer: B

Explanation:

The ASAv on AWS supports the following features:

+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.

+ Deployment in the Virtual Private Cloud (VPC)

+ Enhanced networking (SR-IOV) where available

+ Deployment from Amazon Marketplace

+ Maximum of four vCPUs per instance

+ User deployment of L3 networks

+ Routed mode (default)

Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud.

It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time. Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96qsg/asavaws.html

Question 50

Report
Export
Collapse

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A.

It allows traffic if it does not meet the profile.

A.

It allows traffic if it does not meet the profile.

Answers
B.

It defines a traffic baseline for traffic anomaly deduction.

B.

It defines a traffic baseline for traffic anomaly deduction.

Answers
C.

It inspects hosts that meet the profile with more intrusion rules.

C.

It inspects hosts that meet the profile with more intrusion rules.

Answers
D.

It blocks traffic if it does not meet the profile.

D.

It blocks traffic if it does not meet the profile.

Answers
Suggested answer: B
Total 631 questions
Go to page: of 64
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms