1 / 7

350-701 VOL3-Question

350-701 Implementing and Operating Cisco Security Core Technologies VOL3

roseevans1
Download Presentation

350-701 VOL3-Question

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 350-701 Implementing and Operating Cisco Security Core Technologies VOL3 QUESTION NO: 1 How does Cisco Umbrella provide security without negatively impacting network latency or the performance of endpoint? A.Umbrella resolves DNS queries based on Cisco Talos global threat intelligence. B.Umbrella performs deep packet inspection based on Threat Grid, for retrospective security capabilities. C.Umbrella proxies all traffic through the global Cisco security cloud using anycast routing D.Umbrella utilizes firewall proxies, and notifies the firewall when to block outbound connections for at-risk traffic. Answer: A QUESTION NO: 2 Which of the following describe ways that a Cloud Access Security Broker (CASB) solution can provide cloud application security without being involved in the actual data path? (Select two.) A.CASB solutions provide logging and event data about the cloud application, as well as user activity B.CASB solutions leverage API calls between the broker and the cloud applications C.CASB solutions redirect users to secure HTTPS=based authentication portals D.CASB solutions negotiate encryption suites between the cloud application and the user interface. Answer: A, B QUESTION NO: 3 How does the Cisco Umbrella solution provide enterprise-wide security services in as little as a few minutes? A.Through the use of Cisco Meraki Systems Manager, where users can instantly push the Umbrella Roaming Client to all mobile clients both on and off premises. B.By updating user configurations for DNS resolution endpoints will be immediately protected using the default global protection policy. C.By configuring the perimeter firewall to forward client DNS requests to Cisco Umbrella. In doing this, all endpoints on the corporate network will be protected. D.By registering the publicly owned IP space and domain name with the Cisco Umbrella intelligent proxy © Copyright Prep Solutions Limited, All rights reserved

  2. Answer: B QUESTION NO: 4 Which of the following describe benefits of the Cisco AMP product? (Select two) A.AMP detects and tracks malware attacks and provides remediation support against these persistent attacks. B.AMP can automatically discover elements on the network. C.AMP provides advanced Intrusion Prevention capabilities. D.AMP can control outbreaks in the network through the use of custom detection capabilities. Answer: A, D QUESTION NO: 5 Which of the following application layer preprocessor on the Cisco Firepower platform is responsible for decoding and normalizing web-based requests sent using HTTP and the associated responses received from web servers? A.DNS Preprocessor B.HTTP Inspect Preprocessor C.Web Preprocessor D.SSL Preprocessor Answer: B QUESTION NO: 6 Which of the following application layer preprocessor on the Cisco Firepower platform is used to examine encrypted traffic to detect attempts to exploit the Heartbleed bug and to generate events when dete4cted? A.DCE/RPC Preprocessor B.GTP Preprocessor C.HTTPS Preprocessor D.SSL Preprocessor Answer: D © Copyright Prep Solutions Limited, All rights reserved

  3. QUESTION NO: 7 Which of the following can be manage by the Cisco Firepower Management Center? (Select three) A.Cisco ASA series B.Cisco 7000 and 8000 series C.ASA Firepower modules D.NGIPSv devices E.Cisco IOS routers Answer: B, C, D QUESTION NO: 8 You want to implement AAA on a Cisco router to centrally manage the authentication and authorization controls. What is typically the first global command used to do this and is mandatory? A.aaa new-model B.aaa enable C.aaa server-group D.aaa authentication login Answer: A QUESTION NO: 9 Which of the following statements regarding the Cisco Firepower NGIPS in passive deployment mode is true? A.A switch port configured as a SPAN or mirror is needed B.It can take actions such as blocking and shaping traffic C.It is deployed in band with the flow of traffic D.Traffic on a passive IPS interface is retransmitted Answer: A QUESTION NO: 10 Which of the following Cisco devices can be managed by Cisco Security Manager? (Select three) A.Cisco ASA 5500 series B.Cisco IOS routers © Copyright Prep Solutions Limited, All rights reserved

  4. C.Cisco Email Security Appliance (ESA) D.Cisco IPS 4200 series E.Cisco AnyConnect Secure Mobility Client Answer: A, D, E QUESTION NO: 11 Which of the following describes the Cisco next-generation NAC product that is used to manage endpoints, users, and devices within a zero-trust architecture? A.Cisco Firepower B.Cisco Umbrella C.Cisco ISE D.Cisco AMP Answer: C QUESTION NO: 12 Which of the following should be implemented to prevent ethernet interfaces from being saturated by broadcast traffic? A.Dynamic ARP inspection B.DHCO snooping C.BPDU Guard D.Strom Control Answer: D QUESTION NO: 13 Which of the following features of the Cisco Firepower solution uses reputation intelligence to block connections to or from IP addresses, URLs, and domain names? A.Stateful Inspection B.Security Intelligence C.Threat Intelligence D.Cisco TALOS Answer: B © Copyright Prep Solutions Limited, All rights reserved

  5. QUESTION NO: 14 When you integrate a Cisco ISE to an existing Active Directory one of the prerequisites is that the Cisco ISE sever and the Active Directory is synced using NTP. What is the maximum allowed time difference between these two devices? A.5 ms B.1 minute C.5 minutes D.10 minutes Answer: C QUESTION NO: 15 You want to synchronize the time on router R1 with an IP address of 10.10.10.1 to router R2, which is an NTP server with an IP address 10.100.100.1 You also want to use md5 authentication to do this. The following commands were issued on both R1 and R2: ntp authentication-key 5 md5 Ciscoauth. What else needs to be configured on router R1? A.ntp server 10.10.10.1 key 5 B.ntp peer 10.100.100.1 key 5 C.ntp server 10.100.100.1 key 5 D.ntp peer 10.10.10.1 key 5 Answer: C QUESTION NO: 16 Which of the following statements are true regarding stateful and stateless packet filtering in a Cisco ASA firepower? A.Stateful packet filtering supports link state routing protocols such as OPSF and IS-IS. B.Stateful packet filtering tracks communication settings in a state table. C.Only stateless packet filtering can be configured using access control lists D.Only stateful packet filtering can be used for intrusion prevention. Answer: B © Copyright Prep Solutions Limited, All rights reserved

  6. QUESTION NO: 17 Which of the following terms is used to describe a software weakness that compromises its functionality? A.exploit B.threat C.risk D.vulnerability Answer: D QUESTION NO: 18 Which of the following malware types is typically used to create back doors to give malicious users access to a system? A.Virus B.Worm C.Trojan Horse D.Man-in-the-middle Answer: C QUESTION NO:19 Which of the following is a technique that utilizes port 53 to exfiltrate data and can be used for command-and-control callbacks? A.DNS Security B.DNS Tunneling C.MacSec D.AAAA tunneling Answer: B QUESTION NO: 20 What is the name of the Cisco branded Cloud Access Security Broker (CASB) product offering? A.Cloudlock B.Umbrella C.Firepower D.Stealthwatch © Copyright Prep Solutions Limited, All rights reserved

  7. E.pxGrid Answer: A © Copyright Prep Solutions Limited, All rights reserved

More Related