350-701: Implementing and Operating Cisco Security Core Technologies Part 4
Question #: 181
Topic #: 1
How does Cisco Workload Optimization Manager help mitigate application performance issues?
A. It automates resource resizing.
B. It sets up a workload forensic score.
C. It optimizes a flow path.
D. It deploys an AWS Lambda system.
Selected Answer: A
Question #: 182
Topic #: 1
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?
A. CI/CD pipeline
B. container
C. orchestration
D. security
Selected Answer: C
Question #: 183
Topic #: 1
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
A. SDLC
B. Lambda
C. Contiv
D. Docker
Selected Answer: C
Question #: 184
Topic #: 1
How does a cloud access security broker function?
A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution.
B. It scans other cloud solutions being used within the network and identifies vulnerabilities.
C. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.
D. It acts as a security information and event management solution and receives syslog from other cloud solutions.
Selected Answer: A
Question #: 185
Topic #: 1
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)
A. Send syslog from AWS to Cisco Stealthwatch Cloud.
B. Configure Cisco Stealthwatch Cloud to ingest AWS information.
C. Send VPC Flow Logs to Cisco Stealthwatch Cloud.
D. Configure Cisco ThousandEyes to ingest AWS information.
E. Configure Cisco ACI to ingest AWS information.
Selected Answer: BC
Question #: 186
Topic #: 1
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
A. NetFlow collectors
B. Cisco Cloudlock
C. Cisco Stealthwatch Cloud
D. Cisco Umbrella
Selected Answer: D
Question #: 187
Topic #: 1
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A. application settings
B. content categories
C. security settings
D. destination lists
Selected Answer: A
Question #: 188
Topic #: 1
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.
Which action tests the routing?
A. Ensure that the client computers are pointing to the on-premises DNS servers.
B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C. Add the public IP address that the client computers are behind to a Core Identity.
D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
Selected Answer: D
Question #: 189
Topic #: 1
How does Cisco Umbrella archive logs to an enterprise-owned storage?
A. by using the Application Programming Interface to fetch the logs
B. by sending logs via syslog to an on-premises or cloud-based syslog server
C. by the system administrator downloading the logs from the Cisco Umbrella web portal
D. by being configured to send logs to a self-managed AWS S3 bucket
Selected Answer: D
Question #: 190
Topic #: 1
Which API is used for Content Security?
A. NX-OS API
B. IOS XR API
C. OpenVuln API
D. AsyncOS API
Selected Answer: D
Question #: 191
Topic #: 1
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
A. IP Block List Center
B. File Reputation Center
C. AMP Reputation Center
D. IP and Domain Reputation Center
Selected Answer: D
Question #: 192
Topic #: 1
What is the primary role of the Cisco Email Security Appliance?
A. Mail Submission Agent
B. Mail Transfer Agent
C. Mail Delivery Agent
D. Mail User Agent
Selected Answer: D
Question #: 193
Topic #: 1
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)
A. DDoS
B. antispam
C. antivirus
D. encryption
E. DLP
Selected Answer: DE
Question #: 194
Topic #: 1
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to reset the TCP connection.
B. Configure policies to stop and reject communication.
C. Configure the Cisco ESA to drop the malicious emails.
D. Configure policies to quarantine malicious emails.
Selected Answer: A
Question #: 195
Topic #: 1
Refer to the exhibit. What is a result of the configuration?
A. Traffic from the DMZ network is redirected.
B. Traffic from the inside network is redirected.
C. All TCP traffic is redirected.
D. Traffic from the inside and DMZ networks is redirected.
Selected Answer: D
Question #: 196
Topic #: 1
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?
A. Configure the Cisco WSA to modify policies based on the traffic seen.
B. Configure the Cisco ESA to modify policies based on the traffic seen.
C. Configure the Cisco WSA to receive real-time updates from Cisco Talos.
D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.
Selected Answer: C
Question #: 197
Topic #: 1
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)
A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
E. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.
Selected Answer: AD
Question #: 198
Topic #: 1
Which technology is used to improve web traffic performance by proxy caching?
A. WSA
B. Firepower
C. FireSIGHT
D. ASA
Selected Answer: C
Question #: 199
Topic #: 1
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. transparent
B. redirection
C. forward
D. proxy gateway
Selected Answer: A
Question #: 200
Topic #: 1
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
A. It decrypts HTTPS application traffic for unauthenticated users.
B. It alerts users when the WSA decrypts their traffic.
C. It decrypts HTTPS application traffic for authenticated users.
D. It provides enhanced HTTPS application detection for AsyncOS.
Selected Answer: D
Question #: 201
Topic #: 1
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?
A. The ESA immediately makes another attempt to upload the file.
B. The file upload is abandoned.
C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
D. The file is queued for upload when connectivity is restored.
Selected Answer: B
Question #: 202
Topic #: 1
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?
A. SAT
B. BAT
C. HAT
D. RAT
Selected Answer: C
Question #: 203
Topic #: 1
Why would a user choose an on-premises ESA versus the CES solution?
A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.
Selected Answer: A
Question #: 204
Topic #: 1
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)
A. Sophos engine
B. white list
C. RAT
D. outbreak filters
E. DLP
Selected Answer: C
Question #: 205
Topic #: 1
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify web proxy settings.
B. Modify outbound malware scanning policies.
C. Modify identification profiles.
D. Modify an access policy.
Selected Answer: A
Question #: 206
Topic #: 1
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A. Configure Directory Harvest Attack Prevention.
B. Bypass LDAP access queries in the recipient access table.
C. Use Bounce Verification.
D. Configure incoming content filters.
Selected Answer: A
Question #: 207
Topic #: 1
In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.)
A. use Web Cache Communication Protocol
B. configure AD Group Policies to push proxy settings
C. configure the proxy IP address in the web-browser settings
D. configure policy-based routing on the network infrastructure
E. reference a Proxy Auto Config file
Selected Answer: AD
Question #: 208
Topic #: 1
What is the function of the Context Directory Agent?
A. reads the AD logs to map IP addresses to usernames
B. relays user authentication requests from Cisco WSA to AD
C. maintains users’ group memberships
D. accepts user authentication requests on behalf of Cisco WSA for user identification
Selected Answer: A
Question #: 209
Topic #: 1
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?
A. 5
B. 10
C. 3
D. 1
Selected Answer: D
Question #: 210
Topic #: 1
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?
A. The policy was created to send a message to quarantine instead of drop.
B. The file has a reputation score that is below the threshold.
C. The file has a reputation score that is above the threshold.
D. The policy was created to disable file analysis.
Selected Answer: D
Question #: 211
Topic #: 1
An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
A. deliver and add disclaimer text
B. quarantine and send a DLP violation notification
C. quarantine and alter the subject header with a DLP violation
D. deliver and send copies to other recipients
Selected Answer: A
Question #: 212
Topic #: 1
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.)
A. Deploy the Cisco ESA in the DMZ.
B. Use outbreak filters from SenderBase.
C. Configure a recipient access table.
D. Enable a message tracking service.
E. Scan quarantined emails using AntiVirus signatures.
Selected Answer: BE
Question #: 213
Topic #: 1
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
A. Use destination block lists.
B. Configure application block lists.
C. Configure the intelligent proxy.
D. Set content settings to High.
Selected Answer: A
Question #: 214
Topic #: 1
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
A. SQL injection
B. phishing
C. buffer overflow
D. DoS
Selected Answer: B
Question #: 215
Topic #: 1
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
A. Use security services to configure the traffic monitor.
B. Use URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality.
Selected Answer: C
Question #: 216
Topic #: 1
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?
A. to establish secure VPN connectivity to the corporate network
B. to enforce posture compliance and mandatory software
C. to ensure that assets are secure from malicious links on and off the corporate network
D. to protect the endpoint against malicious file transfers
Selected Answer: C
Question #: 217
Topic #: 1
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
A. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA.
B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.
C. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device.
D. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device.
Selected Answer: B
Question #: 218
Topic #: 1
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?
A. Configure the domain.com address in the block list.
B. Configure the *.domain.com address in the block list.
C. Configure the *.com address in the block list.
D. Configure the *domain.com address in the block list.
Selected Answer: A
Question #: 219
Topic #: 1
An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?
A. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not.
B. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not.
C. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not.
D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not.
Selected Answer: D
Question #: 220
Topic #: 1
Which component of Cisco Umbrella architecture increases reliability of the service?
A. BGP route reflector
B. anycast IP
C. AMP Threat Grid
D. Cisco Talos
Selected Answer: B
Question #: 221
Topic #: 1
A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use proxy?
A. Bridge mode
B. Transparent mode
C. .PAC file
D. Forward file
Selected Answer: D
Question #: 222
Topic #: 1
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
A. Content scanning for SaaS cloud applications is available through Cisco CWS and not available through Cisco WSA.
B. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA.
C. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.
D. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.
Selected Answer: D
Question #: 223
Topic #: 1
An engineer needs to add protection for data in transit and have headers in the email message. Which configuration is needed to accomplish this goal?
A. Deploy an encryption appliance.
B. Provision the email appliance.
C. Map sender IP addresses to a host interface.
D. Enable flagged message handling.
Selected Answer: B
Question #: 224
Topic #: 1
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
A. Cisco Tetration
B. Cisco ISE
C. Cisco AnyConnect
D. Cisco AMP for Network
Selected Answer: A
Question #: 225
Topic #: 1
A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements?
A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI.
B. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI.
C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.
D. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.
Selected Answer: D
Question #: 226
Topic #: 1
Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains?
A. Traffic is managed by the application settings, unhandled and allowed.
B. Traffic is managed by the security settings and blocked.
C. Traffic is proxied through the intelligent proxy.
D. Traffic is allowed but logged.
Selected Answer: B
Question #: 227
Topic #: 1
An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives?
A. Configure the integrations with Talos intelligence to take advantage of the threat intelligence that it provides.
B. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases.
C. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.
D. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use.
Selected Answer: A
Question #: 228
Topic #: 1
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error.
Why is the error occurring?
A. Client computers do not have an SSL certificate deployed from an internal CA server.
B. Client computers do not have the Cisco Umbrella Root CA certificate installed.
C. IP-Layer Enforcement is not configured.
D. Intelligent proxy and SSL decryption is disabled in the policy.
Selected Answer: B
Question #: 229
Topic #: 1
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
A. File Analysis
B. SafeSearch
C. SSL Decryption
D. Destination Lists
Selected Answer: D
Question #: 230
Topic #: 1
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
A. Application Control
B. Security Category Blocking
C. Content Category Blocking
D. File Analysis
Selected Answer: C
Question #: 231
Topic #: 1
How is Cisco Umbrella configured to log only security events?
A. per policy
B. in the Reporting settings
C. in the Security Settings section
D. per network in the Deployments section
Selected Answer: A
Question #: 232
Topic #: 1
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
A. Cisco AMP
B. Cisco AnyConnect
C. Cisco Dynamic DNS
D. Cisco Talos
Selected Answer: D
Question #: 233
Topic #: 1
What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.)
A. blocked ports
B. simple custom detections
C. command and control
D. allowed applications
E. URL
Selected Answer: BD
Question #: 234
Topic #: 1
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)
A. computer identity
B. Windows service
C. user identity
D. Windows firewall
E. default browser
Selected Answer: BD
Question #: 235
Topic #: 1
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
A. NGFW
B. AMP
C. WSA
D. ESA
Selected Answer: C
Question #: 236
Topic #: 1
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)
A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimalware program.
Selected Answer: DE
Question #: 237
Topic #: 1
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransomware infection? (Choose two.)
A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
B. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.
C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
Selected Answer: AC
Question #: 238
Topic #: 1
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
B. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.
C. EPP focuses on network security, and EDR focuses on device security.
D. EDR focuses on network security, and EPP focuses on device security.
Selected Answer: A
Question #: 239
Topic #: 1
An engineer is configuring AMP for endpoints and wants to block certain files from executing.
Which outbreak control method is used to accomplish this task?
A. device flow correlation
B. simple detections
C. application blocking list
D. advanced custom detections
Selected Answer: C
Question #: 240
Topic #: 1
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?
A. Port Bounce
B. CoA Terminate
C. CoA Reauth
D. CoA Session Query
Selected Answer: D