Ultimate Guide to Prepare Free Cisco 350-701 Exam Questions & Answer [Q32-Q49] | DumpsMaterials


Pass Cisco 350-701 Tests Engine pdf - All Free Dumps

NEW QUESTION 32
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

  • A. Configure incoming content filters.
  • B. Bypass LDAP access queries in the recipient access table.
  • C. Use Bounce Verification
  • D. Configure Directory Harvest Attack Prevention

Answer: A


 

NEW QUESTION 33
What is an attribute of the DevSecOps process?

  • A. security scanning and theoretical vulnerabilities
  • B. development security
  • C. isolated security team
  • D. mandated security controls and check lists

Answer: B

Explanation:
DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/continuous deployment (CI/CD) pipeline, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.
Three key things make a real DevSecOps environment:
+ Security testing is done by the development team.
+ Issues found during that testing are managed by the development team.
+ Fixing those issues stays within the development team.

 

NEW QUESTION 34
Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?

  • A. process details variation
  • B. software package variation
  • C. flow insight variation
  • D. interpacket variation

Answer: D

Explanation:
The telemetry information consists of three types of data:
+ Flow information: This information contains details about endpoints, protocols, ports, when the flow started, how long the flow was active, etc.
+ Interpacket variation: This information captures any interpacket variations within the flow. Examples include variation in Time To Live (TTL), IP and TCP flags, payload length, etc.
+ Context details: Context information is derived outside the packet header. It includes details about variation in buffer utilization, packet drops within a flow, association with tunnel endpoints, etc.
Reference:
cisco_nexus_9300_ex_platform_switches_white_paper_uki.pdf

 

NEW QUESTION 35
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?

  • A. Configure the trackingconfig command to enable message tracking.
  • B. Perform a trace.
  • C. Generate a system report.
  • D. Review the log files.

Answer: A

Explanation:
Message tracking helps resolve help desk calls by giving a detailed view of message flow. For example, if a message was not delivered as expected, you can determine if it was found to contain a virus or placed in a spam quarantine - or if it is located somewhere else in the mail stream.
Reference:
b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011110.html

 

NEW QUESTION 36
Under which two circumstances is a CoA issued? (Choose two)

  • A. A new Identity Service Engine server is added to the deployment with the Administration persona
  • B. An endpoint is profiled for the first time.
  • C. A new Identity Source Sequence is created and referenced in the authentication policy.
  • D. A new authentication rule was added to the policy on the Policy Service node.
  • E. An endpoint is deleted on the Identity Service Engine server.

Answer: B,E

Explanation:
The profiling service issues the change of authorization in the following cases:
+ Endpoint deleted: When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network.
+ An exception action is configured: If you have an exception action configured per profile that leads to an unusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to the corresponding static profile by issuing a CoA.
+ An endpoint is profiled for the first time: When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.
+ An endpoint identity group has changed: When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy.
The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
++ The endpoint identity group changes for endpoints when they are dynamically profiled
++ The endpoint identity group changes when the static assignment flag is set to true for a dynamic endpoint
+ An endpoint profiling policy has changed and the policy is used in an authorization policy: When an endpoint profiling policy changes, and the policy is included in a logical profile that is used in an authorization policy. The endpoint profiling policy may change due to the profiling policy match or when an endpoint is statically assigned to an endpoint profiling policy, which is associated to a logical profile. In both cases, the profiling service issues a CoA only when the endpoint profiling policy is used in an authorization policy.
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

 

NEW QUESTION 37
Which statement about IOS zone-based firewalls is true?

  • A. Only one interface can be assigned to a zone.
  • B. An interface can be assigned only to one zone.
  • C. An unassigned interface can communicate with assigned interfaces
  • D. An interface can be assigned to multiple zones.

Answer: B

 

NEW QUESTION 38
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

  • A. Cisco Identity Services Engine and AnyConnect Posture module
  • B. Cisco ASA firewall with Dynamic Access Policies configured
  • C. Cisco Identity Services Engine with PxGrid services enabled
  • D. Cisco Stealthwatch and Cisco Identity Services Engine integration

Answer: A

 

NEW QUESTION 39
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

  • A. CoA
  • B. SNMP probe
  • C. posture assessment
  • D. external identity source

Answer: B

 

NEW QUESTION 40
Drag and drop the capabilities from the left onto the correct technologies on the right.

Answer:

Explanation:

 

NEW QUESTION 41
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A. interesting file access
  • B. file access from a different user
  • C. privilege escalation
  • D. user login suspicious behavior

Answer: D

Explanation:
The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.

 

NEW QUESTION 42
Which command enables 802.1X globally on a Cisco switch?

  • A. dot1x system-auth-control
  • B. dot1x pae authenticator
  • C. aaa new-model
  • D. authentication port-control aut

Answer: A

 

NEW QUESTION 43
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?

  • A. Cisco Umbrella Cloud
  • B. Cisco Stealthwatch Cloud PNM
  • C. Cisco Stealthwatch Cloud PCM
  • D. Cisco Umbrella On-Premises

Answer: A

 

NEW QUESTION 44
How is DNS tunneling used to exfiltrate data out of a corporate network?

  • A. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
  • B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
  • C. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
  • D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Answer: B

Explanation:
Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.
An example of DNS Tunneling is shown below:

1. The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNS nameserver (NS) and malicious payload.
2. An IP address (e.g. 1.2.3.4) is allocated from the attacker's infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.4.
3. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,...).
4. The payload initiates thousands of unique DNS record requests to the attacker's domain with each string as a part of the domain name (e.g. 3KJ242AIE9.attackerdomain.com). Depending on the attacker's patience and stealth, requests can be spaced out over days or months to avoid suspicious network activity.
5. The requests are forwarded to a recursive DNS resolver. During resolution, the requests are sent to the attacker's authoritative DNS nameserver.
6. The tunneling kit parses the encoded strings and rebuilds the exfiltrated data.
Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0
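A defender-side check for the query pattern in steps 3 to 5, added here as an example and not part of the original page or of any Cisco product: it flags parent domains that receive many one-off, high-entropy subdomain labels. The thresholds, function names and the sample query log are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for this example; tune them against a baseline.
MIN_UNIQUE_LABELS = 20   # distinct subdomains seen under one parent domain
MIN_UNIQUE_RATIO = 0.9   # encoded chunks rarely repeat; real hostnames do
MIN_MEAN_ENTROPY = 3.0   # bits per character, averaged over unique labels

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def constructed_chunk(i, length=10):
    """Constructed stand-in for one encoded chunk (not real exfiltrated data)."""
    return "".join(ALPHABET[(i * 7 + j * 5) % 36] for j in range(length))


# Constructed query log: 30 one-off encoded labels plus ordinary repeat lookups.
SAMPLE_QUERIES = (
    [f"{constructed_chunk(i)}.attackerdomain.com." for i in range(30)]
    + ["www.example.com.", "mail.example.com.", "api.example.com.",
       "cdn.example.com."] * 10
)


def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def score_domains(qnames):
    """Per parent domain: query count, unique subdomains, ratio, mean entropy."""
    by_parent = defaultdict(list)
    for qname in qnames:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # nothing left of the parent domain to inspect
        # Naive parent = last two labels; real code needs the Public Suffix List.
        by_parent[".".join(labels[-2:])].append(".".join(labels[:-2]))
    stats = {}
    for parent, subs in by_parent.items():
        unique = set(subs)
        stats[parent] = {
            "queries": len(subs),
            "unique": len(unique),
            "unique_ratio": len(unique) / len(subs),
            "mean_entropy": sum(map(shannon_entropy, unique)) / len(unique),
        }
    return stats


def suspected_tunnels(qnames):
    """Parent domains whose subdomain labels look like encoded, one-off data."""
    return sorted(
        parent for parent, s in score_domains(qnames).items()
        if s["unique"] >= MIN_UNIQUE_LABELS
        and s["unique_ratio"] >= MIN_UNIQUE_RATIO
        and s["mean_entropy"] >= MIN_MEAN_ENTROPY
    )


if __name__ == "__main__":
    for domain in suspected_tunnels(SAMPLE_QUERIES):
        print("possible DNS tunnel:", domain, score_domains(SAMPLE_QUERIES)[domain])
```

Because step 4 notes that requests can be spaced out over days or months, the grouping has to run over a long window of resolver logs rather than a short rate-based window.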

 

NEW QUESTION 45
Which type of attack is social engineering?

  • A. phishing
  • B. malware
  • C. MITM
  • D. trojan

Answer: A

 

NEW QUESTION 46
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

  • A. Virtual LAN
  • B. Access control policy
  • C. Microsegmentation
  • D. Virtual routing and forwarding

Answer: C

Explanation:
Zero Trust is a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location.
The Zero Trust model uses microsegmentation - a security technique that involves dividing perimeters into small zones to maintain separate access to every part of the network - to contain attacks.

 

NEW QUESTION 47
Which two activities can be done using Cisco DNA Center? (Choose two.)

  • A. provision
  • B. DHCP
  • C. accounting
  • D. DNS
  • E. design

Answer: A,E

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_00.pdf

 

NEW QUESTION 48
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

  • A. It decrypts HTTPS application traffic for authenticated users.
  • B. It provides enhanced HTTPS application detection for AsyncOS.
  • C. It alerts users when the WSA decrypts their traffic.
  • D. It decrypts HTTPS application traffic for unauthenticated users.

Answer: B

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-7/user_guide/b_WSA_UserGuide_11_7/b_WSA_UserGuide_11_7_chapter_01011.html

 

NEW QUESTION 49
......


What Career Opportunities Will a Certified Specialist for Security Core Have?

A successful candidate who passes the 350-701 exam will have better opportunities to land a job in the following positions:

  • System engineer
  • Network engineer
  • Security engineer
  • Security analyst

Payscale.com has investigated how much such specialists can earn and concluded that a certified security engineer can get about $92k on average per year. If you decide to work as a network engineer, you should expect an offer of $74k per year, while the compensation for security analysts and security architects is $76k and $124k, respectively.

 
