350-701 Flashcards
What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)
simple custom detections
allowed applications
Which command enables 802.1X globally on a Cisco switch?
dot1x system-auth-control
What is the function of Cisco Cloudlock for data security?
data loss prevention
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)
Windows service
Windows firewall
What is a characteristic of Dynamic ARP Inspection?
DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the
DHCP snooping binding database.
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
AMP
Where are individual sites specified to be blacklisted in Cisco Umbrella?
destination lists
Which statement about IOS zone-based firewalls is true?
An interface can be assigned only to one zone.
Which two activities can be done using Cisco DNA Center? (Choose two.)
design
provision
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
Active Directory
Which VPN technology can support a multivendor environment and secure traffic between sites?
FlexVPN
Which SNMPv3 configuration must be used to support the strongest security possible?
asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
Cisco Application Visibility and Control
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)
Install a spam and virus email filter.
Protect systems with an up-to-date antimalware program.
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)
Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
Why would a user choose an on-premises ESA versus the CES solution?
Sensitive data must remain onsite.
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
GET VPN
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
PaaS
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
Enable Intelligent Proxy.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses andmalware? (Choose two.)
Sophos engine
outbreak filters
How is Cisco Umbrella configured to log only security events?
per policy
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
On which part of the IT environment does DevSecOps focus?
application development
Which functions of an SDN architecture require southbound APIs to enable communication?
SDN controller and the network elements
What is a characteristic of traffic storm control behavior?
Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)
put
get
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
application
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
application blocking list
Which ASA deployment mode can provide separation of management on a shared appliance?
multiple context mode
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)
Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
Cisco Threat Grid
What provides visibility and awareness into what is currently occurring on the network?
Telemetry
Which attack is commonly associated with C and C++ programming languages?
buffer overflow
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?
CoA Reauth
Refer to the exhibit. Which command was used to display this output?
show dot1x all
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
Check integer, float, or Boolean string parameters to ensure accurate values.
Use prepared statements and parameterized queries.
How does Cisco Stealthwatch Cloud provide security for cloud environments?
It delivers visibility and threat detection.
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)
SIP
SSL
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
time synchronization
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
SDN controller and the management solution
Refer to the exhibit. What is a result of the configuration?
Traffic from the inside network is redirected.
Which information is required when adding a device to Firepower Management Center?
registration key
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)
encryption
DLP
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
It tracks flow-create, flow-teardown, and flow-denied events.
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
SSL Decryption
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
brute force
man-in-the-middle
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
prevalence
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?
6
Which two features of Cisco Email Security can protect your organization against email threats?(choose two)
Data loss prevention
Geolocation-based filtering
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
Step 1 - Configure a Machine Agent or SIM Agent
Step 2 - Install monitoring extension for AWS EC2
Step 3 - Update config.yaml
Step 4 - Restart the Machine Agent
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
impact flags
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?
The authentication and authorization requests are grouped in a single packet.
Which two preventive measures are used to control cross-site scripting? (Choose two.)
Enable client-side scripts on a per-domain basis.
Incorporate contextual output encoding/escaping.
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
network discovery
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
show authentication sessions
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?
RAT
Which two capabilities does TAXII support? (Choose two.)
pull messaging
binding
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
platform service policy
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network.
The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
Cisco Identity Services Engine and AnyConnect Posture module
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)
data exfiltration
command and control communication
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
cross-site scripting
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
The IPsec configuration that is set up on the active device must be duplicated on the standby device.
The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
show authen sess int gi0/1
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
DHCP Snooping
Dynamic ARP inspection
