350-701 VOL3 Flashcards

1
Q

How does Cisco Umbrella provide security without negatively impacting network latency or the
performance of endpoint?

A

A. Umbrella resolves DNS queries based on Cisco Talos global threat intelligence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following describe ways that a Cloud Access Security Broker (CASB) solution can
provide cloud application security without being involved in the actual data path? (Select two.)

A

A. CASB solutions provide logging and event data about the cloud application, as well as user
activity
B. CASB solutions leverage API calls between the broker and the cloud applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does the Cisco Umbrella solution provide enterprise-wide security services in as little as a
few minutes?

A

B. By updating user configurations for DNS resolution endpoints will be immediately
protected using the default global protection policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following describe benefits of the Cisco AMP product? (Select two)

A

A. AMP detects and tracks malware attacks and provides remediation support against these
persistent attacks.
D. AMP can control outbreaks in the network through the use of custom detection
capabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following application layer preprocessor on the Cisco Firepower platform is
responsible for decoding and normalizing web-based requests sent using HTTP and the
associated responses received from web servers?

A

B. HTTP Inspect Preprocessor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following application layer preprocessor on the Cisco Firepower platform is used to
examine encrypted traffic to detect attempts to exploit the Heartbleed bug and to generate
events when dete4cted?

A

D. SSL Preprocessor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following can be managed by the Cisco Firepower Management Center? (Select
three)

A

B. Cisco 7000 and 8000 series
C. ASA Firepower modules
D. NGIPSv devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You want to implement AAA on a Cisco router to centrally manage the authentication and
authorization controls. What is typically the first global command used to do this and is
mandatory?

A

A. aaa new-model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following statements regarding the Cisco Firepower NGIPS in passive deployment
mode is true?

A

A. A switch port configured as a SPAN or mirror is needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following Cisco devices can be managed by Cisco Security Manager? (Select three

A

A. Cisco ASA 5500 series
D. Cisco IPS 4200 series
E. Cisco AnyConnect Secure Mobility Client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following describes the Cisco next-generation NAC product that is used to manage
endpoints, users, and devices within a zero-trust architecture?

A

C. Cisco ISE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following should be implemented to prevent ethernet interfaces from being
saturated by broadcast traffic?

A

D. Strom Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following features of the Cisco Firepower solution uses reputation intelligence to
block connections to or from IP addresses, URLs, and domain names?

A

B. Security Intelligence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When you integrate a Cisco ISE to an existing Active Directory one of the prerequisites is that the
Cisco ISE sever and the Active Directory is synced using NTP. What is the maximum allowed time
difference between these two devices?

A

C. 5 minutes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What else needs to be configured on router R1?

A

C. ntp server 10.100.100.1 key 5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following statements are true regarding stateful and stateless packet filtering in a
Cisco ASA firepower?

A

B. Stateful packet filtering tracks communication settings in a state table.

17
Q

Which of the following terms is used to describe a software weakness that compromises its
functionality?

A

D. vulnerability

18
Q

Which of the following malware types is typically used to create back doors to give malicious
users access to a system?

A

C. Trojan Horse

19
Q

Which of the following is a technique that utilizes port 53 to exfiltrate data and can be used for
command-and-control callbacks?

A

B. DNS Tunneling

20
Q

What is the name of the Cisco branded Cloud Access Security Broker (CASB) product offering?

A

A. Cloudlock