350-701: Implementing and Operating Cisco Security Core Technologies Part 5
Question #: 241
Topic #: 1
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)
A. malware
B. denial-of-service attacks
C. ARP spoofing
D. exploits
E. eavesdropping
Selected Answer: D
Question #: 242
Topic #: 1
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
A. It adds endpoints to identity groups dynamically
B. It allows the endpoint to authenticate with 802.1x or MAB
C. It allows CoA to be applied if the endpoint status is compliant
D. It verifies that the endpoint has the latest Microsoft security patches installed
Selected Answer: C
Question #: 243
Topic #: 1
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?
A. SNMP
B. NMAP
C. DHCP
D. NetFlow
Selected Answer: A
Question #: 244
Topic #: 1
What is the benefit of installing Cisco AMP for Endpoints on a network?
A. It enables behavioral analysis to be used for the endpoints
B. It provides flow-based visibility for the endpoints’ network connections.
C. It protects endpoint systems through application control and real-time scanning.
D. It provides operating system patches on the endpoints for security.
Selected Answer: A
Question #: 245
Topic #: 1
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?
A. SNMP probe
B. CoA
C. external identity source
D. posture assessment
Selected Answer: B
Question #: 246
Topic #: 1
In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?
A. when there is a need to have more advanced detection capabilities
B. when there is no firewall on the network
C. when there is a need for traditional anti-malware detection
D. when there is no need to have the solution centrally managed
Selected Answer: A
Question #: 247
Topic #: 1
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)
A. RADIUS
B. TACACS+
C. DHCP
D. sFlow
E. SMTP
Selected Answer: AC
Question #: 248
Topic #: 1
What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security in an organization? (Choose two.)
A. single sign-on access to on-premises and cloud applications
B. identification and correction of application vulnerabilities before allowing access to resources
C. secure access to on-premises and cloud applications
D. integration with 802.1x security using native Microsoft Windows supplicant
E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
Selected Answer: AC
Question #: 249
Topic #: 1
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)
A. biometric factor
B. time factor
C. confidentiality factor
D. knowledge factor
E. encryption factor
Selected Answer: AD
Question #: 250
Topic #: 1
An MDM provides which two advantages to an organization with regard to device management? (Choose two.)
A. asset inventory management
B. allowed application management
C. AD group policy management
D. network device management
E. critical device management
Selected Answer: C
Question #: 251
Topic #: 1
What is the purpose of the My Devices Portal in a Cisco ISE environment?
A. to register new laptops and mobile devices
B. to manage and deploy antivirus definitions and patches on systems owned by the end user
C. to provision userless and agentless systems
D. to request a newly provisioned mobile device
Selected Answer: A
Question #: 252
Topic #: 1
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
A. Cisco Prime Infrastructure
B. Cisco ESA
C. Cisco WiSM
D. Cisco ISE
Selected Answer: D
Question #: 253
Topic #: 1
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)
A. It integrates with third-party products to provide better visibility throughout the network.
B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.
C. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.
D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).
E. It allows multiple security products to share information and work together to enhance security posture in the network.
Selected Answer: BD
Question #: 254
Topic #: 1
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?
A. Tetra Engine to detect malware when the endpoint is connected to the cloud
B. ClamAV Engine to perform email scanning
C. Spero Engine with machine learning to perform dynamic analysis
D. Ethos Engine to perform fuzzy fingerprinting
Selected Answer: D
Question #: 255
Topic #: 1
What is a benefit of conducting device compliance checks?
A. It validates if anti-virus software is installed.
B. It scans endpoints to determine if malicious activity is taking place.
C. It indicates what type of operating system is connecting to the network.
D. It detects email phishing attacks.
Selected Answer: A
Question #: 256
Topic #: 1
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
A. Context Visibility
B. Accounting Reports
C. Adaptive Network Control Policy List
D. RADIUS Live Logs
Selected Answer: D
Question #: 257
Topic #: 1
What is the role of an endpoint in protecting a user from a phishing attack?
A. Ensure that antivirus and antimalware software is up-to-date.
B. Use machine learning models to help identify anomalies and determine expected sending behavior.
C. Use Cisco Stealthwatch and Cisco ISE Integration.
D. Utilize 802.1X network security to ensure unauthorized access to resources.
Selected Answer: A
Question #: 258
Topic #: 1
Why is it important to implement MFA inside of an organization?
A. To prevent brute force attacks from being successful.
B. To prevent phishing attacks from being successful.
C. To prevent DoS attacks from being successful.
D. To prevent man-in-the-middle attacks from being successful.
Selected Answer: B
Question #: 259
Topic #: 1
Which posture assessment requirement provides options to the client for remediation within a certain timeframe?
A. audit
B. mandatory
C. visibility
D. optional
Selected Answer: B
Question #: 260
Topic #: 1
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue?
A. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard.
B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard.
C. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains.
D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.
Selected Answer: D
Question #: 261
Topic #: 1
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
A. The hash being uploaded is part of a set in an incorrect format.
B. The engineer is attempting to upload a file instead of a hash.
C. The file being uploaded is incompatible with simple detections and must use advanced detections.
D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.
Selected Answer: B
Question #: 262
Topic #: 1
What is the benefit of integrating Cisco ISE with an MDM solution?
A. It provides compliance checks for access to the network.
B. It provides the ability to update other applications on the mobile device.
C. It provides the ability to add applications to the mobile device through Cisco ISE.
D. It provides network device administration access.
Selected Answer: A
Question #: 263
Topic #: 1
Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?
A. blocklisting
B. storm centers
C. big data
D. sandboxing
Selected Answer: D
Question #: 264
Topic #: 1
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
A. The administrator must upload the file instead of the hash for Cisco AMP to use.
B. The APK must be uploaded for the application for which the detection is intended.
C. The MD5 hash uploaded to the simple detection policy is in the incorrect format.
D. Detections for MD5 signatures must be configured in the advanced custom detection policies.
Selected Answer: D
Question #: 265
Topic #: 1
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?
A. Change the IP address of the new Cisco ISE node to the same network as the others.
B. Make the new Cisco ISE node a secondary PAN before registering it with the primary.
C. Open port 8905 on the firewall between the Cisco ISE nodes.
D. Add the DNS entry for the new Cisco ISE node into the DNS server.
Selected Answer: D
Question #: 266
Topic #: 1
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
A. East-West gateways
B. server farm
C. core
D. perimeter
Selected Answer: A
Question #: 267
Topic #: 1
Which benefit does endpoint security provide to the overall security posture of an organization?
A. It streamlines the incident response process to automatically perform digital forensics on the endpoint.
B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.
C. It allows the organization to detect and respond to threats at the edge of the network.
D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.
Selected Answer: D
Question #: 268
Topic #: 1
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
A. Nexus
B. Stealthwatch
C. Firepower
D. Tetration
Selected Answer: D
Question #: 269
Topic #: 1
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.
Which product meets all of these requirements?
A. Cisco Prime Infrastructure
B. Cisco Identity Services Engine
C. Cisco Stealthwatch
D. Cisco AMP for Endpoints
Selected Answer: B
Question #: 270
Topic #: 1
How does Cisco Stealthwatch Cloud provide security for cloud environments?
A. It delivers visibility and threat detection.
B. It prevents exfiltration of sensitive data.
C. It assigns Internet-based DNS protection for clients and servers.
D. It facilitates secure connectivity between public and private networks.
Selected Answer: A
Question #: 271
Topic #: 1
Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?
A. Cisco Umbrella
B. Cisco Firepower NGIPS
C. Cisco Stealthwatch
D. Cisco Firepower
Selected Answer: A
Question #: 272
Topic #: 1
What must be used to share data between multiple security products?
A. Cisco Platform Exchange Grid
B. Cisco Rapid Threat Containment
C. Cisco Stealthwatch Cloud
D. Cisco Advanced Malware Protection
Selected Answer: D
Question #: 273
Topic #: 1
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
A. Messenger applications cannot be segmented with standard network controls
B. Malware infects the messenger application on the user endpoint to send company data
C. Traffic is encrypted, which prevents visibility on firewalls and IPS systems
D. An exposed API for the messaging platform is used to send large amounts of data
E. Outgoing traffic is allowed so users can communicate with outside organizations
Selected Answer: CE
Question #: 274
Topic #: 1
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A. Cisco Security Intelligence
B. Cisco Application Visibility and Control
C. Cisco Model Driven Telemetry
D. Cisco DNA Center
Selected Answer: B
Question #: 275
Topic #: 1
What provides visibility and awareness into what is currently occurring on the network?
A. CMX
B. WMI
C. Cisco Prime Infrastructure
D. Telemetry
Selected Answer: D
Question #: 276
Topic #: 1
How is ICMP used as an exfiltration technique?
A. by flooding the destination host with unreachable packets
B. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address
C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
D. by overwhelming a targeted host with ICMP echo-request packets
Selected Answer: D
Question #: 277
Topic #: 1
Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
A. dot1x reauthentication
B. cisp enable
C. dot1x pae authenticator
D. authentication open
Selected Answer: D
Question #: 278
Topic #: 1
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
A. UDP 1700
B. TCP 6514
C. UDP 1812
D. TCP 49
Selected Answer: A
Question #: 279
Topic #: 1
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)
A. data exfiltration
B. command and control communication
C. intelligent proxy
D. snort
E. URL categorization
Selected Answer: B
Question #: 280
Topic #: 1
Which compliance status is shown when a configured posture policy requirement is not met?
A. authorized
B. compliant
C. unknown
D. noncompliant
Selected Answer: B
Question #: 281
Topic #: 1
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
A. Cisco Stealthwatch
B. Cisco Tetration
C. Cisco AMP
D. Cisco Umbrella
Selected Answer: B
Question #: 282
Topic #: 1
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premises network. What action will resolve this issue?
A. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud.
B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud.
C. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud.
D. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.
Selected Answer: B
Question #: 283
Topic #: 1
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
A. Use 802.1X with posture assessment.
B. Use MAB with profiling.
C. Use 802.1X with profiling.
D. Use MAB with posture assessment.
Selected Answer: B
Question #: 284
Topic #: 1
Drag and drop the solutions from the left onto the solution’s benefits on the right.
Select and Place:
Suggestion Answer:
Question #: 285
Topic #: 1
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
A. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud.
B. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud.
C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.
D. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.
Selected Answer: C
Question #: 286
Topic #: 1
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?
A. Cisco Umbrella Cloud
B. Cisco Stealthwatch Cloud PNM
C. Cisco Stealthwatch Cloud PCM
D. Cisco Umbrella On-Premises
Selected Answer: A
Question #: 287
Topic #: 1
What is a benefit of performing device compliance?
A. providing multi-factor authentication
B. verification of the latest OS patches
C. providing attribute-driven policies
D. device classification and authorization
Selected Answer: B
Question #: 288
Topic #: 1
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
A. malware installation
B. network footprinting
C. command-and-control communication
D. data exfiltration
Selected Answer: C
Question #: 289
Topic #: 1
How is data sent out to the attacker during a DNS tunneling attack?
A. as part of the domain name
B. as part of the UDP/53 packet payload
C. as part of the TCP/53 packet header
D. as part of the DNS response packet
Selected Answer: A
Question #: 290
Topic #: 1
Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?
A. Configure authentication event fail retry 2 action authorize vlan 41 on the interface.
B. Add mab to the interface configuration.
C. Enable insecure protocols within Cisco ISE in the allowed protocols configuration.
D. Change the default policy in Cisco ISE to allow all devices not using machine authentication.
Selected Answer: B
Question #: 291
Topic #: 1
Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns in threats. Which term describes this process?
A. authoring
B. consumption
C. deployment
D. sharing
Selected Answer: D
Question #: 292
Topic #: 1
Refer to the exhibit. What will occur when this device tries to connect to the port?
A. 802.1X will not work, but MAB will start and allow the device on the network.
B. 802.1X will work and the device will be allowed on the network.
C. 802.1X will not work and the device will not be allowed network access.
D. 802.1X and MAB will both be used and ISE can use policy to determine the access level.
Selected Answer: B
Question #: 293
Topic #: 1
Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?
A. flow insight variation
B. software package variation
C. interpacket variation
D. process details variation
Selected Answer: C
Question #: 294
Topic #: 1
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
A. SNMP
B. SMTP
C. syslog
D. model-driven telemetry
Selected Answer: D
Question #: 295
Topic #: 1
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)
A. TACACS+
B. central web auth
C. single sign-on
D. multiple factor auth
E. local web auth
Selected Answer: BE
Question #: 296
Topic #: 1
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
A. RSA SecurID
B. Internal Database
C. Active Directory
D. LDAP
Selected Answer: C
Question #: 297
Topic #: 1
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
A. Cisco Identity Services Engine and AnyConnect Posture module
B. Cisco Stealthwatch and Cisco Identity Services Engine integration
C. Cisco ASA firewall with Dynamic Access Policies configured
D. Cisco Identity Services Engine with PxGrid services enabled
Selected Answer: C
Question #: 298
Topic #: 1
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and tests unknown sites for hidden advanced threats before allowing users to click them?
A. Cisco Identity Services Engine
B. Cisco Enterprise Security Appliance
C. Cisco Web Security Appliance
D. Cisco Advanced Stealthwatch Appliance
Selected Answer: C
Question #: 299
Topic #: 1
What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)
A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.
B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.
D. The WSA hosts PAC files on port 6001 by default.
E. By default, they direct traffic through a proxy when the PC and the host are on the same subnet.
Selected Answer: BC
Question #: 300
Topic #: 1
Which IETF attribute is supported for the RADIUS CoA feature?
A. 24 State
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 81 Message-Authenticator
Selected Answer: A