350-701 VOL3 Flashcards
How does Cisco Umbrella provide security without negatively impacting network latency or the
performance of endpoint?
A. Umbrella resolves DNS queries based on Cisco Talos global threat intelligence.
Which of the following describe ways that a Cloud Access Security Broker (CASB) solution can
provide cloud application security without being involved in the actual data path? (Select two.)
A. CASB solutions provide logging and event data about the cloud application, as well as user
activity
B. CASB solutions leverage API calls between the broker and the cloud applications
How does the Cisco Umbrella solution provide enterprise-wide security services in as little as a
few minutes?
B. By updating user configurations for DNS resolution endpoints will be immediately
protected using the default global protection policy.
Which of the following describe benefits of the Cisco AMP product? (Select two)
A. AMP detects and tracks malware attacks and provides remediation support against these
persistent attacks.
D. AMP can control outbreaks in the network through the use of custom detection
capabilities.
Which of the following application layer preprocessor on the Cisco Firepower platform is
responsible for decoding and normalizing web-based requests sent using HTTP and the
associated responses received from web servers?
B. HTTP Inspect Preprocessor
Which of the following application layer preprocessor on the Cisco Firepower platform is used to
examine encrypted traffic to detect attempts to exploit the Heartbleed bug and to generate
events when dete4cted?
D. SSL Preprocessor
Which of the following can be managed by the Cisco Firepower Management Center? (Select
three)
B. Cisco 7000 and 8000 series
C. ASA Firepower modules
D. NGIPSv devices
You want to implement AAA on a Cisco router to centrally manage the authentication and
authorization controls. What is typically the first global command used to do this and is
mandatory?
A. aaa new-model
Which of the following statements regarding the Cisco Firepower NGIPS in passive deployment
mode is true?
A. A switch port configured as a SPAN or mirror is needed
Which of the following Cisco devices can be managed by Cisco Security Manager? (Select three
A. Cisco ASA 5500 series
D. Cisco IPS 4200 series
E. Cisco AnyConnect Secure Mobility Client
Which of the following describes the Cisco next-generation NAC product that is used to manage
endpoints, users, and devices within a zero-trust architecture?
C. Cisco ISE
Which of the following should be implemented to prevent ethernet interfaces from being
saturated by broadcast traffic?
D. Strom Control
Which of the following features of the Cisco Firepower solution uses reputation intelligence to
block connections to or from IP addresses, URLs, and domain names?
B. Security Intelligence
When you integrate a Cisco ISE to an existing Active Directory one of the prerequisites is that the
Cisco ISE sever and the Active Directory is synced using NTP. What is the maximum allowed time
difference between these two devices?
C. 5 minutes
What else needs to be configured on router R1?
C. ntp server 10.100.100.1 key 5