350-701: Implementing and Operating Cisco Security Core Technologies Part 6
Question #: 301
Topic #: 1
When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?
A. guest
B. limited Internet
C. blocked
D. full Internet
Selected Answer: C
Question #: 302
Topic #: 1
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)
A. Allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. Creates complex tasks for managing code
Selected Answer: AD
Question #: 303
Topic #: 1
DRAG DROP –
Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Select and Place:
Suggestion Answer:
Question #: 304
Topic #: 1
Refer to the exhibit.
What does the API key do while working with https://api.amp.cisco.com/v1/computers?
A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication
Selected Answer: D
Question #: 305
Topic #: 1
Which statement describes a serverless application?
A. The application delivery controller in front of the server farm designates on which server the application runs each time.
B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.
C. The application is installed on network equipment and not on physical servers.
D. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.
Selected Answer: B
Question #: 306
Topic #: 1
What is a description of microsegmentation?
A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.
C. Environments deploy centrally managed host-based firewall rules on each server or container.
D. Environments implement private VLAN segmentation to group servers with similar applications.
Selected Answer: B
Question #: 307
Topic #: 1
Which Cisco WSA feature supports access control using URL categories?
A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions
Selected Answer: C
Question #: 308
Topic #: 1
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?
A. Restrict access to only websites with trusted third-party signed certificates.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Install the Cisco Umbrella root CA onto the user’s device.
Selected Answer: D
Question #: 309
Topic #: 1
What is the purpose of joining Cisco WSAs to an appliance group?
A. All WSAs in the group can view file analysis results.
B. The group supports improved redundancy
C. It supports cluster operations to expedite the malware analysis process.
D. It simplifies the task of patching multiple appliances.
Selected Answer: A
Question #: 310
Topic #: 1
Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?
A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication
Selected Answer: C
Question #: 311
Topic #: 1
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo
Selected Answer: A
Question #: 312
Topic #: 1
Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)
A. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
B. Endpoint supplicant configuration is deployed.
C. A centralized management solution is deployed.
D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.
Selected Answer: DE
Question #: 313
Topic #: 1
What is an advantage of the Cisco Umbrella roaming client?
A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment
Selected Answer: B
Question #: 314
Topic #: 1
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect
Selected Answer: B
Question #: 315
Topic #: 1
Which two Cisco ISE components must be configured for BYOD? (Choose two.)
A. local WebAuth
B. central WebAuth
C. null WebAuth
D. guest
E. dual
Selected Answer: BD
Question #: 316
Topic #: 1
Which system performs compliance checks and remote wiping?
A. MDM
B. ISE
C. AMP
D. OTP
Selected Answer: A
Question #: 317
Topic #: 1
An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?
A. single interface
B. multi-context
C. transparent
D. two-interface
Selected Answer: D
Question #: 318
Topic #: 1
A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)
A. RADIUS communication must be permitted between the ISE server and the domain controller.
B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations.
C. Active Directory only supports user authentication by using MSCHAPv2.
D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.
Selected Answer: DE
Question #: 319
Topic #: 1
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?
A. inter-EPG isolation
B. inter-VLAN security
C. intra-EPG isolation
D. placement in separate EPGs
Selected Answer: C
Question #: 320
Topic #: 1
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)
A. Create an LDAP authentication realm and disable transparent user identification.
B. Create NTLM or Kerberos authentication realm and enable transparent user identification.
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
D. The eDirectory client must be installed on each client workstation.
E. Deploy a separate eDirectory server; the client IP address is recorded in this server.
Selected Answer: BC
Question #: 321
Topic #: 1
Which baseline form of telemetry is recommended for network infrastructure devices?
A. SDNS
B. NetFlow
C. passive taps
D. SNMP
Selected Answer: B
Question #: 322
Topic #: 1
In which scenario is endpoint-based security the solution?
A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive
Selected Answer: D
Question #: 323
Topic #: 1
Refer to the exhibit. What is the result of the Python script?
A. It uses the POST HTTP method to obtain a username and password to be used for authentication.
B. It uses the POST HTTP method to obtain a token to be used for authentication.
C. It uses the GET HTTP method to obtain a token to be used for authentication.
D. It uses the GET HTTP method to obtain a username and password to be used for authentication
Selected Answer: B
Question #: 324
Topic #: 1
Which two parameters are used for device compliance checks? (Choose two.)
A. endpoint protection software version
B. Windows registry values
C. DHCP snooping checks
D. DNS integrity checks
E. device operating system version
Selected Answer: BE
Question #: 325
Topic #: 1
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
A. Cisco Defense Orchestrator
B. Cisco Configuration Professional
C. Cisco Secureworks
D. Cisco DNAC
Selected Answer: A
Question #: 326
Topic #: 1
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service
Selected Answer: D
Question #: 327
Topic #: 1
Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?
A. OpenIOC
B. OpenC2
C. CybOX
D. STIX
Selected Answer: D
Question #: 328
Topic #: 1
What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?
A. Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not
B. Cisco AMP for Endpoints automatically researches indicators of compromise and confirms threats and Cisco Umbrella does not
C. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats
D. Cisco AMP for Endpoints prevents connections to malicious destinations, and Cisco Umbrella works at the file level to prevent the initial execution of malware
Selected Answer: C
Question #: 329
Topic #: 1
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)
A. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE
B. Southbound APIs utilize CLI, SNMP, and RESTCONF
C. Southbound APIs are used to define how SDN controllers integrate with applications
D. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices
E. Southbound interfaces utilize device configurations such as VLANs and IP addresses
Selected Answer: AB
Question #: 330
Topic #: 1
Refer to the exhibit. What is the function of the Python script code snippet for the Cisco ASA REST API?
A. changes the hostname of the Cisco ASA
B. adds a global rule into policies
C. deletes a global rule from policies
D. obtains the saved configuration of the Cisco ASA firewall
Selected Answer: C
Question #: 331
Topic #: 1
DRAG DROP –
Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.
Select and Place:
Suggestion Answer:
Question #: 332
Topic #: 1
What are two functions of secret key cryptography? (Choose two.)
A. utilization of less memory
B. utilization of large prime number iterations
C. utilization of different keys for encryption and decryption
D. key selection without integer factorization
E. provides the capability to only know the key on one side
Selected Answer: AD
Question #: 333
Topic #: 1
Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?
A. Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.
B. Only URLs for botnets with reputation scores of 1-3 will be blocked.
C. Only URLs for botnets with reputation scores of 3-5 will be blocked.
D. Only URLs for botnets with a reputation score of 3 will be blocked.
Selected Answer: B
Question #: 334
Topic #: 1
Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?
A. Cisco Container Controller
B. Cisco Cloud Platform
C. Cisco Container Platform
D. Cisco Content Platform
Selected Answer: C
Question #: 335
Topic #: 1
A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?
A. The hosts must run Cisco AsyncOS 10.0 or greater.
B. The hosts must run different versions of Cisco AsyncOS.
C. The hosts must have access to the same defined network.
D. The hosts must use a different datastore than the virtual appliance.
Selected Answer: C
Question #: 336
Topic #: 1
An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?
A. Create a destination list for addresses to be allowed or blocked
B. Use content categories to block or allow specific addresses
C. Add the specified addresses to the identities list and create a block action
D. Modify the application settings to allow only applications to connect to required addresses
Selected Answer: A
Question #: 337
Topic #: 1
What must be enabled to secure SaaS-based applications?
A. two-factor authentication
B. end-to-end encryption
C. application security gateway
D. modular policy framework
Selected Answer: A
Question #: 338
Topic #: 1
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?
A. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them
B. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below
C. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device
D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories
Selected Answer: D
Question #: 339
Topic #: 1
An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?
A. Place the policy with the most-specific configuration last in the policy order
B. Configure the default policy to redirect the requests to the correct policy
C. Make the correct policy first in the policy order
D. Configure only the policy with the most recently changed timestamp
Selected Answer: C
Question #: 340
Topic #: 1
A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?
A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
B. Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.
Selected Answer: A
Question #: 341
Topic #: 1
What is the intent of a basic SYN flood attack?
A. to solicit DNS responses
B. to flush the register stack to re-initiate the buffers
C. to exceed the threshold limit of the connection queue
D. to cause the buffer to overflow
Selected Answer: C
Question #: 342
Topic #: 1
What is an advantage of network telemetry over SNMP pulls?
A. security
B. scalability
C. accuracy
D. encapsulation
Selected Answer: C
Question #: 343
Topic #: 1
What are two functions of TAXII in threat intelligence sharing? (Choose two.)
A. allows users to describe threat motivations and abilities
B. determines how threat intelligence information is relayed
C. determines the “what” of threat intelligence
D. exchanges trusted anomaly intelligence information
E. supports STIX information
Selected Answer: DE
Question #: 344
Topic #: 1
What are two functionalities of SDN Northbound APIs? (Choose two.)
A. OpenFlow is a standardized northbound API protocol
B. Northbound APIs form the interface between the SDN controller and business applications
C. Northbound APIs provide a programmable interface for applications to dynamically configure the network
D. Northbound APIs form the interface between the SDN controller and the network switches or routers
E. Northbound APIs use the NETCONF protocol to communicate with applications.
Selected Answer: BC
Question #: 345
Topic #: 1
What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?
A. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds
B. After four unsuccessful log in attempts the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL 60
C. After four unsuccessful log in attempts the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL 100
D. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt
Selected Answer: A
Question #: 346
Topic #: 1
What is a benefit of using a multifactor authentication strategy?
A. It provides an easy, single sign-on experience against multiple applications
B. It provides secure remote access for applications
C. It protects data by enabling the use of a second validation of identity
D. It provides visibility into devices to establish device trust
Selected Answer: C
Question #: 347
Topic #: 1
Which endpoint solution protects a user from a phishing attack?
A. Cisco AnyConnect with Network Access Manager module
B. Cisco AnyConnect with Umbrella Roaming Security module
C. Cisco Identity Services Engine
D. Cisco AnyConnect with ISE Posture module
Selected Answer: B
Question #: 348
Topic #: 1
Which role is a default guest type in Cisco ISE?
A. Contractor
B. Full-Time
C. Monthly
D. Yearly
Selected Answer: A
Question #: 349
Topic #: 1
An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution?
A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol
B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can
C. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701
D. GRE over IPsec adds its own header, and L2TP does not
Selected Answer: D
Question #: 350
Topic #: 1
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?
A. editing
B. sharing
C. authoring
D. consumption
Selected Answer: D
Question #: 351
Topic #: 1
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)
A. Cisco Prime Infrastructure
B. CDP AutoDiscovery
C. Seed IP
D. PowerOn Auto Provisioning
E. Cisco Cloud Director
Selected Answer: CD
Question #: 352
Topic #: 1
Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with the default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?
A. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports
B. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports
C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports
D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports
Selected Answer: D
Question #: 353
Topic #: 1
Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network?
A. aaa authentication enable default enable
B. aaa authorization network default group ise
C. aaa authentication login console ise
D. aaa authorization exec default ise
Selected Answer: B
Question #: 354
Topic #: 1
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim’s web browser executes the code?
A. cross-site scripting
B. browser WGET
C. buffer overflow
D. SQL injection
Selected Answer: A
Question #: 355
Topic #: 1
Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)
A. Cisco ISE
B. Cisco Duo Security
C. Cisco DNA Center
D. Cisco Umbrella
E. Cisco TrustSec
Selected Answer: BD
Question #: 356
Topic #: 1
An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task?
A. CNAME
B. DKIM
C. MX
D. SPF
Selected Answer: C
Question #: 357
Topic #: 1
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?
A. Cisco Stealthwatch Cloud
B. Cisco WSAv
C. Cisco Cloud Orchestrator
D. Cisco ASAv
Selected Answer: D
Question #: 358
Topic #: 1
Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)
A. The module is operating in IDS mode.
B. Traffic is blocked if the module fails.
C. The module fails to receive redirected traffic.
D. The module is operating in IPS mode.
E. Traffic continues to flow if the module fails.
Selected Answer: AE
Question #: 359
Topic #: 1
Which two parameters are used to prevent a data breach in the cloud? (Choose two.)
A. DLP solutions
B. complex cloud-based web proxies
C. strong user authentication
D. antispoofing programs
E. encryption
Selected Answer: CE
Question #: 360
Topic #: 1
What is the concept of continuous integration/continuous delivery pipelining?
A. The project code is centrally maintained, and each code change should trigger an automated build and test sequence.
B. The project is split into time-limited cycles, and focuses on pair programming for continuous code review.
C. The project is split into several phases where one phase cannot start before the previous phase finishes successfully.
D. Each project phase is independent from other phases to maintain adaptiveness and continual improvement.
Selected Answer: A