Cisco 350-701 Practice Test - Questions Answers, Page 5
List of questions
Question 41
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
health policy
system policy
correlation policy
access control policy
health awareness policy
Question 42
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?
control
malware
URL filtering
protect
Question 43
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?
(Choose two)
Port
Rule
Source
Application
Protocol
Question 44
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
quality of service
time synchronization
network address translations
intrusion policy
Question 45
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which information is required when adding a device to Firepower Management Center?
username and password
encryption method
device serial number
registration key
Question 46
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)
transparent mode
routed mode
inline mode
active mode
passive monitor-only mode
Explanation:
You can configure your ASA FirePOWER module using one of the following deployment models:
You can configure your ASA FirePOWER module in either an inline or a monitor-only (inline tap or passive) deployment.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/asdm72/firewall/asafirewall-asdm/modules-sfr.html
Question 47
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
Certificate Trust List
Endpoint Trust List
Enterprise Proxy Service
Secured Collaboration Proxy
Question 48
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
A sysopt command can be used to enable NSEL on a specific interface.
NSEL can be used without a collector configured.
A flow-export event type must be defined under a policy
Question 49
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
multiple context mode
user deployment of Layer 3 networks
IPv6
clustering
Explanation:
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud.
It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time. Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96qsg/asavaws.html
Question 50
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
It allows traffic if it does not meet the profile.
It defines a traffic baseline for traffic anomaly deduction.
It inspects hosts that meet the profile with more intrusion rules.
It blocks traffic if it does not meet the profile.
Question