350-701: Implementing and Operating Cisco Security Core Technologies Part 7
Question #: 361
Topic #: 1
Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?
A. Cisco Stealthwatch
B. Cisco Encrypted Traffic Analytics
C. Cisco Umbrella
D. Cisco CTA
Selected Answer: A
Question #: 362
Topic #: 1
Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)
A. uses a static algorithm to determine malicious
B. determines if the email messages are malicious
C. provides a defense for on-premises email deployments
D. blocks malicious websites and adds them to a block list
E. does a real-time user web browsing behavior analysis
Selected Answer: BC
Question #: 363
Topic #: 1
Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows?
A. Cisco ASAv
B. Account on Resolution
C. Cisco NBAR2
D. Cisco Prime Infrastructure
Selected Answer: C
Question #: 364
Topic #: 1
Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?
A. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&…
C. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/startIndex/recordsToReturn
D. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device
Selected Answer: A
Question #: 365
Topic #: 1
Which function is performed by certificate authorities but is a limitation of registration authorities?
A. CRL publishing
B. certificate re-enrollment
C. verifying user identity
D. accepts enrollment requests
Selected Answer: A
Question #: 366
Topic #: 1
A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?
A. Cisco Duo
B. Cisco NGFW
C. Cisco AnyConnect
D. Cisco AMP for Endpoints
Selected Answer: A
Question #: 367
Topic #: 1
An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?
A. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.
B. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.
C. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas FTD does not.
D. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.
Selected Answer: A
Question #: 368
Topic #: 1
An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?
A. Intelligent Multi-Scan
B. Anti-Virus Filtering
C. IP Reputation Filtering
D. File Analysis
Selected Answer: C
Question #: 369
Topic #: 1
Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?
A. Cisco Talos
B. SNMP
C. pxGrid
D. NetFlow
Selected Answer: C
Question #: 370
Topic #: 1
An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two.)
A. Add an SNMP USM entry.
B. Specify an SNMP user group.
C. Add an SNMP host access entry.
D. Specify the SNMP manager and UDP port.
E. Specify a community string.
Selected Answer: CD
Question #: 371
Topic #: 1
How does a WCCP-configured router identify if the Cisco WSA is functional?
A. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.
B. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA.
C. The WSA sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message.
D. The router sends a Here-I-Am message every 10 seconds, and the WSA acknowledges with an I-See-You message.
Selected Answer: C
Question #: 372
Topic #: 1
What is the recommendation in a zero-trust model before granting access to corporate applications and resources?
A. to disconnect from the network when inactive
B. to use multifactor authentication
C. to use a wired network, not wireless
D. to use strong passwords
Selected Answer: B
Question #: 373
Topic #: 1
Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?
A. InfluxDB
B. SNMP
C. Grafana
D. Splunk
Selected Answer: D
Question #: 374
Topic #: 1
Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?
A. websecurityadvancedconfig
B. webadvancedconfig
C. websecurityconfig
D. outbreakconfig
Selected Answer: A
Question #: 375
Topic #: 1
What is a feature of NetFlow Secure Event Logging?
A. It exports only records that indicate significant events in a flow.
B. It supports v5 and v8 templates.
C. It delivers data records to NSEL collectors through NetFlow over TCP only.
D. It filters NSEL events based on the traffic and event type through RSVP.
Selected Answer: A
Question #: 376
Topic #: 1
A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0123456789 command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal?
A. snmp-server host inside 10.255.255.1 version 3 myv7
B. snmp-server host inside 10.255.255.1 snmpv3 myv7
C. snmp-server host inside 10.255.255.1 version 3 asmith
D. snmp-server host inside 10.255.255.1 snmpv3 asmith
Selected Answer: C
Question #: 377
Topic #: 1
Which standard is used to automate exchanging cyber threat information?
A. MITRE
B. TAXII
C. IoC
D. STIX
Selected Answer: B
Question #: 378
Topic #: 1
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?
A. elastic search
B. file trajectory
C. indication of compromise
D. retrospective detection
Selected Answer: C
Question #: 379
Topic #: 1
When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?
A. CDP
B. syslog
C. NTP
D. DNS
Selected Answer: C
Question #: 380
Topic #: 1
Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?
A. multiple context mode
B. single context mode
C. routed mode
D. transparent mode
Selected Answer: D
Question #: 381
Topic #: 1
When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record?
A. flow exporter
B. records
C. flow sampler
D. flow monitor
Selected Answer: D
Question #: 382
Topic #: 1
What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?
A. single-SSID BYOD
B. dual-SSID BYOD
C. streamlined access
D. multichannel GUI
Selected Answer: A
Question #: 383
Topic #: 1
DRAG DROP –
Drag and drop the exploits from the left onto the type of security vulnerability on the right.
Select and Place:
Suggestion Answer:
Question #: 384
Topic #: 1
Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?
A. cluster
B. multiple context
C. routed
D. transparent
Selected Answer: B
Question #: 385
Topic #: 1
An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?
A. SubCA
B. organization owned root
C. self-signed
D. third-party
Selected Answer: B
Question #: 386
Topic #: 1
An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?
A. monitor
B. trust
C. allow
D. block
Selected Answer: C
Question #: 387
Topic #: 1
Which benefit does DMVPN provide over GETVPN?
A. DMVPN can be used over the public Internet, and GETVPN requires a private network.
B. DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.
C. DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.
D. DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.
Selected Answer: C
Question #: 388
Topic #: 1
How does Cisco Umbrella protect clients when they operate outside of the corporate network?
A. by forcing DNS queries to the corporate name servers
B. by modifying the registry for DNS lookups
C. by using the Cisco Umbrella roaming client
D. by using Active Directory group policies to enforce Cisco Umbrella DNS servers
Selected Answer: D
Question #: 389
Topic #: 1
DRAG DROP –
Drag and drop the deployment models from the left onto the corresponding explanations on the right.
Select and Place:
Suggestion Answer:
Question #: 390
Topic #: 1
An administrator is configuring NTP on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source. Which two steps must be taken to accomplish this task? (Choose two.)
A. Choose the interface for syncing to the NTP server.
B. Specify the NTP version
C. Set the NTP DNS hostname
D. Set the authentication key.
E. Configure the NTP stratum
Selected Answer: AD
Question #: 391
Topic #: 1
Which two capabilities of Integration APIs are utilized with Cisco DNA Center? (Choose two.)
A. Upgrade software on switches and routers
B. Third party reporting
C. Connect to ITSM platforms
D. Create new SSIDs on a wireless LAN controller
E. Automatically deploy new virtual routers
Selected Answer: BC
Question #: 392
Topic #: 1
What is the most common type of data exfiltration that organizations currently experience?
A. encrypted SMTP
B. SQL database injections
C. HTTPS file upload site
D. Microsoft Windows network shares
Selected Answer: C
Question #: 393
Topic #: 1
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
A. teardrop
B. smurf
C. LAND
D. SYN flood
Selected Answer: A
Question #: 394
Topic #: 1
DRAG DROP –
Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.
Select and Place:
Suggestion Answer:
Question #: 395
Topic #: 1
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
A. Configure Dynamic ARP inspection and add entries in the DHCP snooping database.
B. Configure DHCP snooping and set trusted interfaces for all client connections.
C. Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.
D. Configure DHCP snooping and set a trusted interface for the DHCP server.
Selected Answer: D
Question #: 396
Topic #: 1
What is the process of performing automated static and dynamic analysis of files in an isolated environment against preloaded behavioral indicators for threat analysis?
A. advanced sandboxing
B. adaptive scanning
C. deep visibility scan
D. point-in-time checks
Selected Answer: A
Question #: 397
Topic #: 1
What are two benefits of Flexible NetFlow records? (Choose two.)
A. They provide accounting and billing enhancements.
B. They allow the user to configure flow information to perform customized traffic identification.
C. They provide monitoring of a wider range of IP packet information from Layer 2 to 4.
D. They provide attack prevention by dropping the traffic.
E. They converge multiple accounting technologies into one accounting mechanism.
Selected Answer: AB
Question #: 398
Topic #: 1
An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG.
The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?
A. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.
B. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.
C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI
D. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.
Selected Answer: C
Question #: 399
Topic #: 1
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
A. requires an additional license
B. performs transparent redirection
C. supports SSL decryption
D. supports VMware vMotion on VMware ESXi
Selected Answer: D
Question #: 400
Topic #: 1
What are two workload security models? (Choose two.)
A. SaaS
B. PaaS
C. off-premises
D. on-premises
E. IaaS
Selected Answer: AD
Question #: 401
Topic #: 1
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
A. Add Dropbox to the Cloudlock Authentication and API section in the Cloudlock portal.
B. Add Cloudlock to the Dropbox admin portal.
C. Send an API request to Cloudlock from Dropbox admin portal.
D. Authorize Dropbox within the Platform settings in the Cloudlock portal.
Selected Answer: D
Question #: 402
Topic #: 1
What is a benefit of using GET VPN over FlexVPN within a VPN deployment?
A. GET VPN supports Remote Access VPNs
B. GET VPN uses multiple security associations for connections
C. GET VPN natively supports MPLS and private IP networks.
D. GET VPN interoperates with non-Cisco devices.
Selected Answer: C
Question #: 403
Topic #: 1
Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?
A. Defang
B. FilterAction
C. Quarantine
D. ScreenAction
Selected Answer: A
Question #: 404
Topic #: 1
Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?
A. IaC
B. IaaS
C. PaaS
D. SaaS
Selected Answer: D
Question #: 405
Topic #: 1
What is a characteristic of an EDR solution and not of an EPP solution?
A. performs signature-based detection
B. decrypts SSL traffic for better visibility
C. stops all ransomware attacks
D. retrospective analysis
Selected Answer: D
Question #: 406
Topic #: 1
What is a benefit of using Cisco Umbrella?
A. Files are scanned for viruses before they are allowed to run.
B. All Internet traffic is encrypted.
C. It prevents malicious inbound traffic.
D. Attacks can be mitigated before the application connection occurs.
Selected Answer: A
Question #: 407
Topic #: 1
Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?
A. Link Aggregation
B. Reverse ARP
C. private VLANs
D. Dynamic ARP Inspection
Selected Answer: D
Question #: 408
Topic #: 1
Which command is used to log all events to a destination collector 209.165.201.10?
A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10
B. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10
C. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10
D. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10
Selected Answer: C
Question #: 409
Topic #: 1
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?
A. AES-256
B. IKEv1
C. ESP
D. AES-192
Selected Answer: B
Question #: 410
Topic #: 1
An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?
A. The server changed its time source to stratum 1.
B. The network device is sending the wrong password to the server.
C. NTP authentication has been configured on the network device.
D. NTP authentication has been configured on the NTP server.
Selected Answer: D
Question #: 411
Topic #: 1
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
A. service password-encryption
B. username privilege 15 password
C. username password
D. service password-recovery
Selected Answer: A
Question #: 412
Topic #: 1
What is a feature of container orchestration?
A. ability to deploy Kubernetes clusters in air-gapped sites
B. automated daily updates
C. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane
D. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane
Selected Answer: A
Question #: 413
Topic #: 1
During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two.)
A. ip host vpn.sohoroutercompany.com
B. crypto isakmp identity hostname
C. Add the dynamic keyword to the existing crypto map command
D. fqdn vpn.sohoroutercompany.com
E. ip name-server
Selected Answer: CE
Question #: 414
Topic #: 1
What does Cisco ISE use to collect endpoint attributes that are used in profiling?
A. probes
B. posture assessment
C. Cisco AnyConnect Secure Mobility Client
D. Cisco pxGrid
Selected Answer: A
Question #: 415
Topic #: 1
What are two functions of IKEv1 but not IKEv2? (Choose two.)
A. IKEv1 conversations are initiated by the IKE_SA_INIT message.
B. With IKEv1, aggressive mode negotiates faster than main mode.
C. IKEv1 uses EAP for authentication.
D. NAT-T is supported in IKEv1 but not in IKEv2.
E. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.
Selected Answer: BE
Question #: 416
Topic #: 1
Which action controls the amount of URI text that is stored in Cisco WSA log files?
A. Configure the advancedproxyconfig command with the HTTPS subcommand.
B. Configure a small log-entry size.
C. Configure the datasecurityconfig command.
D. Configure a maximum packet size.
Selected Answer: A
Question #: 417
Topic #: 1
What is the most commonly used protocol for network telemetry?
A. NetFlow
B. SNMP
C. TFTP
D. SMTP
Selected Answer: A
Question #: 418
Topic #: 1
Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two.)
A. Apex licensing
B. TACACS+
C. profiling
D. DHCP and SNMP probes
E. posture agents
Selected Answer: AE
Question #: 419
Topic #: 1
What is a difference between DMVPN and sVTI?
A. DMVPN provides interoperability with other vendors, whereas sVTI does not.
B. DMVPN supports static tunnel establishment, whereas sVTI does not.
C. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.
D. DMVPN supports tunnel encryption, whereas sVTI does not.
Selected Answer: D
Question #: 420
Topic #: 1
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers’ infrastructures and predict future threat?
A. Cisco Umbrella Investigate
B. Cisco Stealthwatch
C. Cisco pxGrid
D. Cisco Stealthwatch Cloud
Selected Answer: A
Question #: 421
Topic #: 1
Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?
A. NTP
B. SNMP
C. syslog
D. NetFlow
Selected Answer: D
Question #: 422
Topic #: 1
Which threat intelligence standard contains malware hashes?
A. advanced persistent threat
B. open command and control
C. structured threat information expression
D. trusted automated exchange of indicator information
Selected Answer: C
Question #: 423
Topic #: 1
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
A. Cisco ISE
B. Cisco FTD
C. Cisco Umbrella
D. Cisco ASA
Selected Answer: A
Question #: 424
Topic #: 1
Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)
A. flow-export event-type
B. policy-map
C. access-list
D. flow-export template timeout-rate 15
E. access-group
Selected Answer: AB
Question #: 425
Topic #: 1
What are two trojan malware attacks? (Choose two.)
A. frontdoor
B. sync
C. smurf
D. rootkit
E. backdoor
Selected Answer: DE
Question #: 426
Topic #: 1
What are two benefits of using an MDM solution? (Choose two.)
A. enhanced DNS security for endpoint devices
B. on-device content management
C. remote wipe capabilities to protect information on lost or stolen devices
D. antimalware and antispyware functionality
E. allows for mobile endpoints to be used for authentication methods
Selected Answer: BC