Ask Question
Cisco 350-701 Practice Test - Questions Answers, Page 7
List of questions
Question 61
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
flow-export destination inside 1.1.1.1 2055
ip flow monitor input
ip flow-export destination 1.1.1.1 2055
flow exporter
Question 62
How many interfaces per bridge group does an ASA bridge group deployment support?
up to 2
up to 4
up to 8
up to 16
Each of the ASAs interfaces need to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.
As of 8.4(1) upto 8 bridge groups are supported with 2-4 interface in each group. Prior to this only one bridge group was supported and only 2 interfaces.
Up to 4 interfaces are permitted per bridge–group (inside, outside, DMZ1, DMZ2)
Question 63
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
packet decoder
SIP
modbus
inline normalization
SSL
Application layer protocols can represent the same data in a variety of ways. The Firepower System provides application layer protocol decoders that normalize specific types of packet data into formats that the intrusion rules engine can analyze. Normalizing application-layer protocol encodings allows the rules engine to effectively apply the same content-related rules to packets whose data is represented differently and obtain meaningful results.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-configguidev60/Application_Layer_Preprocessors.html#ID-2244-0000080cFirePower uses many preprocessors, including DNS, FTP/Telnet, SIP, SSL,
SMTP, SSH preprocessors.
Question 64
Which two features of Cisco Email Security can protect your organization against email threats?
(Choose two)
Time-based one-time passwords
Data loss prevention
Heuristic-based filtering
Geolocation-based filtering
NetFlow
Protect sensitive content in outgoing emails with Data Loss Prevention (DLP) and easy-to-use email encryption, all in one solution.
Cisco Email Security appliance can now handle incoming mail connections and incoming messages from specific geolocations and perform appropriate actions on them, for example:
– Prevent email threats coming from specific geographic regions.
– Allow or disallow emails coming from specific geographic regions.
Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_00.html
Question 65
Why would a user choose an on-premises ESA versus the CES solution?
Sensitive data must remain onsite.
Demand is unpredictable.
The server team wants to outsource this service.
ESA is deployed inline.
Question 66
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?
(Choose two)
Sophos engine
white list
RAT
outbreak filters
DLP
Question 67
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
It decrypts HTTPS application traffic for unauthenticated users.
It alerts users when the WSA decrypts their traffic.
It decrypts HTTPS application traffic for authenticated users.
It provides enhanced HTTPS application detection for AsyncOS.
Question 68
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
It can handle explicit HTTP requests.
It requires a PAC file for the client web browser.
It requires a proxy for the client web browser.
WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Layer 4 switches can automatically redirect traffic destined to port 80.
Question 69
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
Configure the datasecurityconfig command
Configure the advancedproxyconfig command with the HTTPS subcommand
Configure a small log-entry size.
Configure a maximum packet size.
Question 70
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
SAT
BAT
HAT
RAT
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question