CCNP SCOR 350-701 - Actual Exam Questions Flashcards

Question 1

Q

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN controller and the network elements

B. management console and the SDN controller

C. management console and the cloud

D. SDN controller and the cloud

Answer

A

A) SDN controller and the network elements

Southbound APIs that relay information between the controller and the individual network devices (such as switches, access points, routers, and firewalls)

https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html

Question 2

Q

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)

A. put

B. options

C. get

D. push

E. connect

Answer

A

A-C

Request Structure

Available request methods are:

GET – Retrieves data from the specified object.

PUT – Adds the supplied information to the specified object; returns a 404 Resource Not Found error if the object does not exist.

POST – Creates the object with the supplied information.

DELETE – Deletes the specified object.

PATCH – Applies partial modifications to the specified object.

https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html#pgfId-68826

Question 3

Q

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud

B. management console and the SDN controller

C. management console and the cloud

D. SDN controller and the management solution

Answer

A

D) SDN controller and the management solution

Northbound APIs are the link between the applications and the SDN controller. The applications can tell the network what they need (data, storage, bandwidth, and so on) and the network can deliver those resources, or communicate what it has. These APIs support a wide variety of applications

Question 4

Q

What is a feature of the open platform capabilities of Cisco DNA Center?

A. application adapters

B. domain integration

C. intent-based APIs

D. automation adapters

Answer

A

C) intent-based APIs

The Cisco DNA Center open platform for intent-based networking provides 360-degree extensibility across multiple components, including:

● Intent-based APIs

● Process adapters

● Domain adapters

● SDKs

Question 5

Q

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?

A. create an SNMP pull mechanism for managing AMP

B. gather network telemetry information from AMP for endpoints

C. get the process and PID information from the computers in the network

D. gather the network interface information about the computers AMP sees

Answer

A

D. Gather the network interface information about the computers AMP sees

Verified correct.

Question 6

Q

Which form of attack is launched using botnets?

A. TCP flood

B. DDOS

C. DOS

D. virus

Question 7

Q

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. smurf

B. distributed denial of service

C. cross-site scripting

D. rootkit exploit

Answer

A

C. cross-site scripting

Verified correct

Question 8

Q

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application

B. Linux and Windows operating systems

C. database

D. web page images

Answer

A

A. user input validation in a web page or web application

Verified correct

Question 9

Q

What is the difference between deceptive phishing and spear phishing?

A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B. A spear-phishing campaign is aimed at a specific person versus a group of people.

C. Spear phishing is when the attack is aimed at the C-level executives of an organization.

D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Answer

A

B. A spear-phishing campaign is aimed at a specific person versus a group of people

Verified correct

Question 10

Q

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

A. The attack is fragmented into groups of 16 octets before transmission

B. The attack is fragmented into groups of 8 octets before transmission

C. Short synchronized bursts of traffic are used to disrupt TCP connections

D. Malformed packets are used to crash systems

E. Publicly accessible DNS servers are typically used to execute the attack

Answer

A

B) The attack is fragmented into groups of 8 octets before transmission

D) Malformed packets are used to crash systems

Question 11

Q

Which two mechanisms are used to control phishing attacks? (Choose two.)

A. Enable browser alerts for fraudulent websites.

B. Define security group memberships.

C. Revoke expired CRL of the websites.

D. Use antispyware software.

E. Implement email filtering techniques.

Answer

A

A. Enable browser alerts for fraudulent websites.

E

Question 12

Q

Which attack is commonly associated with C and C++ programming languages?

A. Cross-site scripting

B. Water holing

C. DDoS

D. Buffer overflow

Answer

A

D. Buffer overflow

https://en.wikipedia.org/wiki/Buffer_overflow

Question 13

Q

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)

A. Check integer, float, or Boolean string parameters to ensure accurate values.

B. Use prepared statements and parameterized queries.

C. Secure the connection between the web and the app tier.

D. Write SQL code instead of using object-relational mapping libraries.

E. Block SQL code execution in the web application database login.

Answer

A

A. Check integer, float, or Boolean string parameters to ensure accurate values.

B. Use prepared statements and parameterized queries.

https://en.wikipedia.org/wiki/SQL_injection

Question 14

Q

Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

A. phishing

B. brute force

C. man-in-the-middle

D. DDOS

E. teardrop

Answer

A

A. phishing

B. brute force

https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-mfa-password-security-infographic.pdf

MFA protects against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

Question 15

Q

What are two rootkit types? (Choose two.)

A. registry

B. buffer mode

C. user mode

D. bootloader

E. virtual

Answer

A

C. User mode

D. Bootloader

Question 16

Q

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers

B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data

C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network

D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

Answer

A

B) It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data

Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, PO28X977W, .

Question 17

Q

Which type of attack is social engineering?

A. trojan

B. MITM

C. phishing

D. malware

Answer

A

C. phishing

Question 18

Q

What are two DDoS attack categories? (Choose two.)

A. protocol

B. source-based

C. database

D. sequential

E. volume-based

Answer

A

A. protocol

E. volume-based

Protocol Attacks: Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more

Volume Based: Includes UDP floods, ICMP floods, and other spoofed-packet floods. … . … Application Layer Attacks.

Question 19

Q

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A. man-in-the-middle

B. LDAP injection

C. insecure API

D. cross-site scripting

Answer

A

A. man-in-the-middle

Question 20

Q

How does Cisco Advanced Phishing Protection protect users?

A. It utilizes sensors that send messages securely.

B. It uses machine learning and real-time behavior analytics.

C. It validates the sender by using DKIM.

D. It determines which identities are perceived by the sender.

Answer

A

B. It uses machine learning and real-time behavior analytics.

Verified

Cisco Advanced Phishing Protection provides Business Email Compromise (BEC) and phishing detection capabilities. It detects identity deception-based threats by performing reputation checks on sender addresses by using advanced machine learning techniques and added intelligence. This intelligence continuously adapts to drive a real-time understanding of senders and provides enhanced protection.

Question 21

Q

How does DNS Tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the clients system and installs malware on it.

C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

D. An attacker uses a non-standard DNS port to gain access to the organizations DNS servers in order to poison the resolutions.

Answer

A

A) An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model. The attacker registers a domain, such as badsite.com. The domain’s name server points to the attacker’s server, where a tunneling malware program is installed.

Question 22

Q

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the systems applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. unencrypted links for traffic

B. weak passwords for authentication

C. improper file security

D. software bugs on applications

Answer

A

A. unencrypted links for traffic

Question 23

Q

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood

B. slowloris

C. phishing

D. pharming

Answer

A

A. SYN flood

Question 24

Q

Which two preventive measures are used to control cross-site scripting? (Choose two.)

A. Enable client-side scripts on a per-domain basis.

B. Incorporate contextual output encoding/escaping.

C. Disable cookie inspection in the HTML inspection engine.

D. Run untrusted HTML input through an HTML sanitization engine.

E. SameSite cookie attribute should not be used.

Answer

A

A. Enable client-side scripts on a per-domain basis

D. Run untrusted HTML input through an HTML sanitization engine.

Verified correct

Question 25

Q

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death

B. HTTP flood

C. NTP amplification

D. virus

Question 26

Q

Which two capabilities does TAXII support? (Choose two.)

A. exchange

B. pull messaging

C. binding

D. correlation

E. mitigating

Answer

A

A. exchange

B. pull messaging

Verified correct

Question 27

Q

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.

D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

Answer

A

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html#:~:text=Stateful%20failover%20for%20IPsec%20requires,accelerator%20or%20identical%20encryption%20accelerators.

Restrictions for Stateful Failover for IPsec When configuring redundancy for a VPN, the following restrictions apply: Both the active and standby devices must run the identical version of the Cisco IOS software, and both the active and standby devices must be connected via a hub or switch.

Question 28

Q

Which algorithm provides encryption and authentication for data plane communication?

A. AES-GCM

B. SHA-96

C. AES-256

D. SHA-384

Answer

A

A. AES-GCM

https://en.wikipedia.org/wiki/Galois/Counter_Mode

In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates. These packets contain information that the vSmart controller uses to determine the network topology, including the router’s TLOC (a tuple of the system IP address and traffic color) and AES key. The vSmart controller then places these OMP route packets into reachability advertisements that it sends to the other routers in the network. In this way, the AES keys for all the routers are distributed across the network. Even though the key exchange is symmetric, the routers use it in an asymmetric fashion. The result is a simple and scalable key exchange process that uses the Cisco vSmart Controller. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html#id_112385

Question 29

Q

DRAG DROP -
Drag and drop the capabilities from the left onto the correct technologies on the right.
Select and Place:

Question 30

Q

Which two key and block sizes are valid for AES? (Choose two.)

A. 64-bit block size, 112-bit key length

B. 64-bit block size, 168-bit key length

C. 128-bit block size, 192-bit key length

D. 128-bit block size, 256-bit key length

E. 192-bit block size, 256-bit key length

Answer

A

C. 128-bit block size, 192-bit key length

D. 128-bit block size, 256-bit key length

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Question 31

Q

Which two descriptions of AES encryption are true? (Choose two.)

A. AES is less secure than 3DES.

B. AES is more secure than 3DES.

C. AES can use a 168-bit key for encryption.

D. AES can use a 256-bit key for encryption.

E. AES encrypts and decrypts a key three times in sequence.

Answer

A

B. AES is more secure than 3DES

D. AES can use a 256-bit key for encryption.

Question 32

Q

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. STIX

B. XMPP

C. pxGrid

D. SMTP

Question 33

Q

DRAG DROP -
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Select and Place:

Question 34

Q

Which VPN technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN

B. GET VPN

C. FlexVPN

D. DMVPN

Answer

A

C. FlexVPN

Question 35

Q

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN

B. FlexVPN

C. IPsec DVTI

D. GET VPN

Answer

A

D. GET VPN

Question 36

Q

What is the commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use the new key management protocol, IKEv2

B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

C. IOS routers run the same NHRP code for DMVPN and FlexVPN

D. FlexVPN and DMVPN use the same hashing algorithms

Answer

A

C. IOS routers run the same NHRP code for DMVPN and FlexVPN

Question 37

Q

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. DTLSv1

B. TLSv1

C. TLSv1.1

D. TLSv1.2

Answer

A

A. DTLSv1

Question 38

Q

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A. Talos

B. PSIRT

C. SCIRT

D. DEVNET

Question 39

Q

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A. Common Vulnerabilities, Exploits and Threats

B. Common Vulnerabilities and Exposures

C. Common Exploits and Vulnerabilities

D. Common Security Exploits

Answer

A

B. Common Vulnerabilities and Exposures

Question 40

Q

Which two features of Cisco DNA Center are used in a Software-Defined Network solution? (Choose two.)

A. accounting

B. assurance

C. automation

D. authentication

E. encryption

Answer

A

B. Assurance

C. Automation

Question 41

Q

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A. ASDM

B. NetFlow

C. API

D. desktop client

Question 42

Q

What is a function of 3DES in reference to cryptography?

A. It encrypts traffic.

B. It creates one-time-use passwords.

C. It hashes files.

D. It generates private keys.

Answer

A

A. It encrypts traffic.

Question 43

Q

Which two activities can be done using Cisco DNA Center? (Choose two.)

A. DHCP

B. design

C. accounting

D. DNS

E. provision

Answer

A

B. Design

E. Provision

Question 44

Q

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. terminal

B. selfsigned

C. url

D. profile

Answer

A

D. profile

Question 45

Q

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A. southbound API

B. westbound API

C. eastbound API

D. northbound API

Answer

A

D. northbound API

Question 46

Q

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

A. sniffing the packets between the two hosts

B. sending continuous pings

C. overflowing the buffers memory

D. inserting malicious commands into the database

Answer

A

D. inserting malicious commands into the database

Question 47

Q

What is the function of SDN southbound API protocols?

A. to allow for the static configuration of control plane applications

B. to enable the controller to use REST

C. to enable the controller to make changes

D. to allow for the dynamic configuration of control plane applications

Answer

A

C. to enable the controller to make changes

Question 48

Q

DRAG DROP -
Drag and drop the threats from the left onto examples of that threat on the right.
Select and Place:

Question 49

Q

What is the difference between Cross-site Scripting and SQL Injection attacks?

A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side.

C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

Answer

A

B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side.

Question 50

Q

Drag and drop the common security threats from the left onto the definitions on the right.
Select and Place:

Answer

A

Worm
Spam
Botnet
Phishing

Question 51

Q

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A. distributed management

B. service management

C. application management

D. centralized management

Answer

A

D. centralized management

Question 52

Q

A. The list of computers, policies, and connector statuses will be received from Cisco AMP.

B. The list of computers and their current vulnerabilities will be received from Cisco AMP.

C. The compromised computers and malware trajectories will be received from Cisco AMP.

D. The compromised computers and what compromised them will be received from Cisco AMP.

Answer

A

A. The list of computers, policies, and connector statuses will be received from Cisco AMP.

Question 53

Q

A. The hostname will be printed for the client in the client ID field.

B. The hostname will be translated to an IP address and printed.

C. The script will pull all computer hostnames and print them.

D. The script will translate the IP address to FQDN and print it.

Answer

A

C. The script will pull all computer hostnames and print them.

Question 54

Q

With which components does a southbound API within a software-defined network architecture communicate?

A. applications

B. controllers within the network

C. appliances

D. devices such as routers and switches

Answer

A

D. devices such as routers and switches

Question 55

Q

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A. BYOD onboarding

B. MAC authentication bypass

C. client provisioning

D. Simple Certificate Enrollment Protocol

Answer

A

D. Simple Certificate Enrollment Protocol

Question 56

Q

What are two characteristics of Cisco DNA Center APIs? (Choose two.)

A. They are Cisco proprietary.

B. They do not support Python scripts.

C. They view the overall health of the network.

D. They quickly provision new devices.

E. Postman is required to utilize Cisco DNA Center API calls.

Answer

A

C. They view the overall health of the network.

D. They quickly provision new devices.

Question 57

Q

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

B. A sysopt command can be used to enable NSEL on a specific interface.

C. NSEL can be used without a collector configured.

D. A flow-export event type must be defined under a policy.

Answer

A

D. A flow-export event type must be defined under a policy.

Question 58

Q

Which feature requires a network discovery policy on the Cisco Firepower NGIPS?

A. security intelligence

B. impact flags

C. health monitoring

D. URL filtering

Answer

A

B. impact flags

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/introduction_to_network_discovery_and_identity.html?bookSearch=true

Question 59

Q

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A. correlation

B. intrusion

C. access control

D. network discovery

Answer

A

D. network discovery

Question 60

Q

What is a characteristic of traffic storm control behavior?

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B. Traffic storm control cannot determine if the packet is unicast or broadcast.

C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Answer

A

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Question 61

Q

DRAG DROP -
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place:

Question 62

Q

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

A. The authentication request contains only a password

B. The authentication request contains only a username

C. The authentication and authorization requests are grouped in a single packet.

D. There is separate authentication and authorization request packets.

Answer

A

C. The authentication and authorization requests are grouped in a single packet.

Question 63

Q

Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

A. show authentication registrations

B. show authentication method

C. show dot1x all

D. show authentication sessions

Answer

A

D. show authentication sessions

Verified

Question 64

Q

Refer to the exhibit. What does the number 15 represent in this configuration?

A. privilege level for an authorized user to this router

B. access-list that identifies the SNMP devices that can access the router

C. interval in seconds between SNMPv3 authentication attempts

D. number of possible failed attempts until the SNMPv3 user is locked out

Answer

A

A. privilege level for an authorized user to this router

Answer 56

A

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

Answer 57

A

A. dot1x system-auth-control

Verified

To globally enable 802.1x authentication on the switch, use the dot1x system-auth-control command in Global Configuration mode.

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5635-configure-global-802-1x-properties-on-a-switch-through-the-c.html

Answer 58

A

A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

Verified

Dynamic ARP Inspection

To prevent ARP poisoning attacks such as the one described in the previous section, a switch must ensure that only valid ARP requests and responses are relayed. DAI prevents these attacks by intercepting all ARP requests and responses. Each of these intercepted packets is verified for valid MAC address to IP address bindings before the local ARP cache is updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.

DAI determines the validity of an ARP packet based on valid MAC address to IP address bindings stored in a trusted database. This database is built at runtime by DHCP snooping, provided that it is enabled on the VLANs and on the switch in question. In addition, DAI can also validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses.

DAI can also be configured to drop ARP packets when the IP addresses in the packet are invalid or when the MAC addresses in the body of the ARP packet do not match the addresses specified in the Ethernet header.

Answer 59

A

D. An interface can be assigned only to one zone.

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

Answer 60

A

A. authentication server: Cisco Identity Service Engine

C. authenticator: Cisco Catalyst switch

https://www.lookingpoint.com/blog/ise-series-802.1x

Answer 61

A

D.

asa-host

(config) # SNMP-server group myv3 v3 priv asa-host
(config) #SNMP-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host
(config) #SNMP-server host inside 10.255.254.1 version 3 andy

Answer 62

A

B. An endpoint is deleted on the Identity Service Engine server.

D. An endpoint is profiled for the first time.

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

An Endpoint is Profiled for the First Time

The profiler service issues a CoA for an endpoint that is not statically assigned and profiled for the first time i.e. the profile changes from an unknown to a known profile.

An Endpoint is Deleted

The profiler service issues a CoA when an endpoint is deleted from the Endpoints page and the endpoint is most likely disconnected or removed from the network.

For more information on CoA exemptions, see the “CoA Exemptions” section.

For more information on CoA configuration details, see Table 17-2.

Answer 63

A

C. multiple context mode

Answer 64

A

A. show dot1x all

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x- pba.html

Answer 65

A

A. It tracks flow-create, flow-teardown, and flow-denied events

Verified

The ASA and ASASM implementations of NSEL provide the following major functions:

Tracks flow-create, flow-teardown, and flow-denied events, and generates appropriate NSEL data records.

Triggers flow-update events and generate appropriate NSEL data records.

Defines and exports templates that describe the progression of a flow. Templates describe the format of the data records that are exported through NetFlow. Each event has several record formats or templates associated with it.

Tracks configured NSEL collectors and delivers templates and data records to these configured NSEL collectors through NetFlow over UDP only.

Sends template information periodically to NSEL collectors. Collectors receive template definitions, normally before receiving flow records.

Filters NSEL events based on the traffic and event type through Modular Policy Framework, then sends records to different collectors. Traffic is matched based on the order in which classes are configured. After a match is found, no other classes are checked. The supported event types are flow-create, flow-denied, flow-teardown, flow-update, and all. Records can be sent to different collectors. For example, with two collectors, you can do the following:

– Log all flow-denied events that match ACL 1 to collector 1.

– Log all flow-create events to collector 1.

– Log all flow-teardown events to collector 2.

– Log all flow-update events to collector 1.

Delays the export of flow-create events.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.html

Answer 66

A

D. SNMP-server host inside 10.255.254.1 version 3 andy

https://www.cisco.com/c/en/us/td/docs/security/asa/snmp/snmpv3_tools/snmpv3_1.html

Answer 67

A

C. flow-export destination inside 1.1.1.1 2055

https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html

Answer 68

A

C. Enter the same command on host B

Answer 69

A

A. Define a NetFlow collector by using the flow-export command

B. Create a class map to match interesting traffic

Answer 70

A

C. complete no configurations

Answer 71

A

C. up to 4

Answer 72

A

A. DHCP snooping has not been enabled on all VLANs

Answer 73

A

D. VPC flow logs

Answer 74

A

A. Generate the RSA key using the crypto key generate rsa command

Verified

Asks about “algorithms” such as RSA, not protocols like ssh.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3650-cr-book/sec-a1-xe-3se-3850-cr-book_chapter_0110.pdf

Answer 75

A

D. LDAP authentication for Microsoft Outlook

Answer 76

A

C. ip dhcp snooping trust

Answer 77

A

D. The access control policy is not allowing VPN traffic in.

Answer 78

A

C. authentication key mismatch

Answer 79

A

D. platform settings policy

Answer 80

A

D. platform service policy

Answer 81

A

A. Certificate Trust List

Answer 82

A

A. SIP

C. SSL

Answer 83

A

B. time synchronization

Answer 84

A

D. registration key

Answer 85

A

B. External Threat Feeds

Answer 86

A

C. aaa new-model

Answer 87

A

D. It must have inline interface pairs configured

Answer 88

A

C. multiple context mode

Answer 89

A

D. Cisco ASA

Answer 90

A

B. Cisco Umbrella

Answer 91

A

A. Storm Control

Answer 92

A

A. Multiple NetFlow collectors are supported.

Answer 93

A

D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Answer 94

A

B. Cisco FMC provides centralized management while Cisco ASDM does not.

Answer 95

A

A. Threat Intelligence Director

Answer 96

A

D. trust

E. monitor

Answer 97

A

C. It includes multiple interfaces and access rules between interfaces are customizable.

Answer 98

A

A. IP addresses

B. URLs

Answer 99

A

D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2018/pdf/BRKSEC-2064.pdf

Answer 100

A

D. preserved with stateful failover and need to be reestablished with stateless failover

Answer 101

A

B. consumption

Answer 102

A

A. Set a trusted interface for the DHCP server.

Answer 103

A

C. Synchronize the clocks of the Cisco ISE server and the AD server.

Answer 104

A

D. The remote connection will only be allowed from 1.2.3.4.

Hide Solution

Answer 105

A

C. map SNMPv3 users to SNMP views

Answer 106

A

C. AAA Server Group

Answer 107

A

D. NetFlow

Answer 108

A

C. ntp server 1.1.1.1 key 1

Answer 109

A

C. Ensure that interfaces are configured with the error-disable detection and recovery feature.

E. Enter the shutdown and no shutdown commands on the interfaces.

Answer 110

A

A. configure manager add 16

Answer 111

A

C. A Network Discovery policy to receive data from the host

Answer 112

A

A. file access from a different user

Answer 113

A

D. private cloud

Answer 114

A

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

Answer 115

A

A. DNS tunneling

Answer 116

A

D. Cisco Cloudlock

Answer 117

A

A. data loss prevention

Answer 118

A

B. user deployment of Layer 3 networks

Answer 119

A

C. vulnerabilities within protocol

Answer 120

A

B. Cisco Cloudlock

Answer 121

A

B. applications

E. data

Answer 122

A

C. Amazon Web Services

Answer 123

A

B. development security

Answer 124

A

A. application development

Answer 125

A

D. application

Answer 126

A

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Answer 127

A

D. Enable Intelligent Proxy.

Answer 128

A

D. Cloudlock

Answer 129

A

A. Service Provider managed

E. Enterprise managed

Intercloud Fabric Deployment Models

Cisco Intercloud Fabric addresses the cloud deployment requirements appropriate for two-hybrid cloud deployment models: Enterprise Managed and Service Provider Managed.

Answer 130

A

B. Cisco Cloudlock

Answer 131

A

A. Cisco Defense Orchestrator

Answer 132

A

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

Answer 133

A

B. Cisco Cloudlock

Answer 134

A

C. hypervisor OS hardening

Answer 135

A

B. Client computers do not have the Cisco Umbrella Root CA certificate installed.

Answer 136

A

C. SSL Decryption

Answer 137

A

B. Security Category Blocking

Answer 138

A

A. per policy

Answer 139

A

D. Cisco Talos

Answer 140

A

D. destination lists

Answer 141

A

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Answer 142

A

D. by being configured to send logs to a self-managed AWS S3 bucket

Answer 143

A

D. AsyncOS API

Answer 144

A

D. IP and Domain Reputation Center

Verified

IP and Domain Reputation Center

Talos’ IP and Domain Data Center is the world’s most comprehensive real-time threat detection network. The data is made up of daily security intelligence across millions of deployed web, email, firewall and IPS appliances. Talos detects and correlates threats in real time using the largest threat detection network in the world spanning web requests, emails, malware samples, open-source data sets, endpoint intelligence, and network intrusions. The Email and Web Traffic Reputation Center is able to transform some of Talos’ data into actionable threat intelligence and tools to improve your security posture.

Answer 145

A

B. Mail Transfer Agent

Answer 146

A

D. encryption

E. DLP

Answer 147

A

B. Configure policies to stop and reject communication.

Answer 148

A

D. Traffic from the inside and DMZ networks is redirected.

Answer 149

A

D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

Answer 150

A

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

Answer 151

A

A. transparent

Answer 152

A

D. It provides enhanced HTTPS application detection for AsyncOS.

Answer 153

A

C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

Answer 154

A

A. Sensitive data must remain onsite.

Answer 155

A

A. Sophos engine

D. outbreak filters

Answer 156

A

A. Modify web proxy settings.

Answer 157

A

A. Configure Directory Harvest Attack Prevention

Answer 158

A

A. use Web Cache Communication Protocol

D. configure policy-based routing on the network infrastructure

Verified

In the case of the Web Cache Communication Protocol (WCCP), web traffic is redirected to the WSA from another network device along the client’s path to the Internet. In this case, other protocols, such as ICMP, are not redirected to the WSA.

It is possible to use Policy Based Routing (PBR) to redirect web traffic to the WSA. This is achieved by matching the correct traffic (based on TCP ports) and instructing the router/switch to redirect this traffic to the WSA.

Answer 159

A

A. reads the AD logs to map IP addresses to usernames

Answer 160

A

D. The policy was created to disable file analysis

Verified

ExamTopic community

Answer 161

A

B. quarantine and send a DLP violation notification

Verified

Cisco website

Answer 162

A

B. Use outbreak filters from SenderBase.

E. Scan quarantined emails using AntiVirus signatures.

Verified correct

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVD-EmailSecurityUsingCiscoESADesignGuide-AUG13.pdf

Answer 163

A

C. Configure the intelligent proxy

Verified

The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called “grey” domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators wouldn’t want to block access to the whole “grey” domain for everyone but they also don’t want your users to access files that could harm their computers, compromise your company data or worse!

https://docs.umbrella.com/deployment-msp/docs/what-is-the-intelligent-proxy

Answer 164

A

B. phishing

Answer 165

A

C. Use an access policy group to configure application control settings.

Answer 166

A

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Answer 167

A

B. simple custom detections

D. allowed applications

Answer 168

A

B. Windows service

D. Windows firewall

Verified

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010111.html

Answer 169

A

D. Install a spam and virus email filter.

E. Protect systems with an up-to-date antimalware program

Verified

ExamTopics community

Answer 170

A

C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Verified

Examtopics community

Answer 171

A

A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

Answer 172

A

C. application blocking list

Verified

From AMP for Endpoints User Guide, chapter 2: Outbreak Control:

An application blocking list is composed of files that you do not want to allow users to execute but do not want to quarantine. You may want to use this for files you are not sure are malware, unauthorized applications, or you may want to use this to stop applications with vulnerabilities from executing until a patch has been released.

Answer 173

A

C. CoA Reauth

Verified

Answer 174

A

A. malware

D. exploits

Answer 175

A

D. It verifies that the endpoint has the latest Microsoft security patches installed

Verified

Examtopic community

Answer 176

A

B. NMAP

Verified

Examtopic community

Answer 177

A

C. It protects endpoint systems through application control and real-time scanning

Verified

Examtopic community

Answer 178

A

B. because human error or insider threats will still exist

Answer 179

A

B. CoA

Verified

See -https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network

Answer 180

A

A. when there is a need to have more advanced detection capabilities

Verified

https://www.esecurityplanet.com/endpoint/antivirus-vs-epp-vs-edr/#:~:text=Endpoint%20detection%20and%20response%20(EDR)%20represents%20the%20newest%20and%20most,advanced%20layer%20of%20endpoint%20protection.&text=Whereas%20EPP%20is%20a%20first,they%20can%20cause%20significant%20damage.

Answer 181

A

A. RADIUS

C. DHCP

Verified

https: //www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
https: //www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

Answer 182

A

C. secure access to on-premises and cloud applications

E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

Verified

https://duo.com/

Answer 183

A

A. biometric factor

D. knowledge factor

Verified

There are three categories of factors: knowledge (something the user knows), possession (something a user has), and inherence or characteristics (something the user is). Authentication by knowledge is where the user provides a secret that is only known by him or her. An example of authentication by knowledge would be a user providing a password, a personal identification number (PIN) code, or answering security questions. Examples of authentication by ownership or possession include the following: a one-time passcode, memory card, smartcard, and out-of-band communication A system that uses authentication by characteristic authenticates the user based on some physical or behavioral characteristic, sometimes referred to as a biometric attribute. The most used physical or physiological characteristics are as follows: Fingerprints, Face recognition, Retina and iris, … Examples of behavioral characteristics are as follows: Signature dynamic, Keystroke dynamic/pattern

Answer 184

A

A. asset inventory management

B. allowed application management

Verified

Examtopics

Answer 185

A

A. to register new laptops and mobile devices

Verified

Q. Why do I need to use the My Devices Portal?

A. Depending on your company policy, you might be able to use your mobile phones, tablets, printers, Internet radios, and other network devices on your company’s network. You can use the My Devices Portal to register and manage these devices on your company’s network. When you use a laptop computer, mobile phone, or tablet to access the Internet, you typically use a web browser on the device itself.

Answer 186

A

B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Verified

Easy Connect simplifies network access control and segmentation by allowing the assignment of Security Group Tags to endpoints without requiring 802.1X on those endpoints, whether using wired or wireless connectivity. Active Directory logins are used to map user information onto network connections, which are then used for authorizing users on the network even when the Identity Services Engine (ISE) is not involved in the authentication process. Consequently, this authorization method only supports devices that authenticate with a Domain Controller. Easy Connect can also be used as a backup authentication method to 802.1X, to ensure that managed assets are classified even when an 802.1X supplicant is not correctly configured. This can dramatically reduce help desk calls

Answer 187

A

D. Ethos Engine to perform fuzzy fingerprinting

Verified

Spero: A machine-learning-based technology that proactively identifies threats that were previously unknown. Uses active heuristics to gather execution attributes Needs good data in large sets to tune Built to identify new malware

Ethos: A generic signature capability, again ostensibly similar to the generic detection capabilities that some vendors provide. Directed at families of malware Can have more false positives than 1-to-1 signatures

Answer 188

A

A. It validates if anti-virus software is installed

Verified

Examtopics community

Answer 189

A

D. Cisco ISE

Verified

Answer 190

A

D. RADIUS Live Logs

Verified

Examtopics community

Answer 191

A

A. Ensure that antivirus and antimalware software is up-to-date

Verified

Examtopics community

Answer 192

A

A. To prevent brute force attacks from being successful

Verified

Examtopics community

Answer 193

A

C. interpacket variation

Verified

Flow information: This information contains information about endpoints, protocols, ports, when the flow started, how long the flow was active, etc.
Interpacket variation: This information captures any interpacket variations within the flow. Examples include variation in Time To Live (TTL), IP and TCP flags, payload length, etc.
Context details: Context information is derived outside the packet header, including variation in buffer utilization, packet drops within a flow, association with tunnel endpoints, etc.

Answer 194

A

D. model-driven telemetry

Answer 195

A

B. central web auth

E. local web auth

Answer 196

A

C. Active Directory

Answer 197

A

A. Cisco Identity Services Engine and AnyConnect Posture module

Answer 198

A

D. Tetration

https://www.cisco.com/c/en/us/solutions/security/secure-data-center-solution/index.html#~products

Answer 199

A

B. Cisco Identity Services Engine

Answer 200

A

A. It delivers visibility and threat detection.

Answer 201

A

A. Cisco Umbrella

Answer 202

A

A. Cisco Platform Exchange Grid

Answer 203

A

A. Messenger applications cannot be segmented with standard network controls

E. Outgoing traffic is allowed so users can communicate with outside organizations

Verified

Examtopic community

Answer 204

A

B. Cisco Application Visibility and Control

Verified

https://www.cisco.com/c/en/us/products/routers/avc-control.html

Answer 205

A

D. Telemetry

Verified

Telemetry- Information and/or data that provides awareness and visibility into what is occurring on the network at any given time from networking devices, appliances, applications or servers in which the core function of the device is not to generate security alerts designed to detect unwanted or malicious activity from computer networks.

https://www.cisco.com/c/dam/en_us/about/doing_business/legal/service_descriptions/docs/activethreat- analytics-premier.pd

Answer 206

A

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

Verfied

Answer 207

A

C. dot1x pae authenticator

Verified

Answer 208

A

A. UDP 1700

Verified

RADIUS Change of Authorization (CoA) Send: UDP/1700

RADIUS Change of Authorization (CoA) Listen/Relay: UDP/1700, 3799

https://www.cisco.com/c/en/us/td/docs/security/ise/20/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

Answer 209

A

A. data exfiltration

B. command and control communication

Verified

https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf

Researchers on our Cognitive Threat Analytics team have found that when attackers have established a foothold within an organization, more than 90 percent of them use the web for command-and-control communications and to exfiltrate sensitive information.

Answer 210

A

A. Platform Exchange Grid

Verified

Answer 211

A

D. noncompliant

Verified

Unknown Profile If no matching posture policy is defined for an endpoint, then the posture compliance status of the endpoint may be set to unknown. A posture compliance status of unknown can also apply to an endpoint where a matching posture policy is enabled but posture assessment has not yet occurred for that endpoint and, therefore no compliance report has been provided by the client agent.

Noncompliant Profile The posture compliance status of an endpoint is set to non-compliant when a matching posture policy is defined for that endpoint but it fails to meet all the mandatory requirements during posture assessment. An endpoint that is postured noncompliant matches a posture requirement with a remediation action, and it should be granted limited network access to remediation resources in order to remediate itself.

Answer 212

A

B. Cisco Tetration

Verified

https://www.cisco.com/c/en/us/products/security/tetration/index.html

Answer 213

A

B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud.

Verified

https://www.braindump2go.com/free-online-pdf/350-701-PDF-Dumps(257-279).pdf

Answer 214

A

B. Use MAB with profiling.

Verified

Answer 215

A

A. East-West

Answer 216

A

B. North-South

Answer 217

A

B. Southbound API

Answer 218

A

A. Northbound API

Northbound APIs (SDN northbound APIs) are typically RESTful APIs that are used to communicate between the SDN controller and the services and applications running over the network. Such northbound APIs can be used for the orchestration and automation of the network components to align with the needs of different applications via SDN network programmability.

Cisco has the concept of intent-based networking. On different occasions, you may see northbound APIs referred to as “intent-based APIs.”

Answer 219

A

B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.

Verified

Answer 220

A

A. Configure the domain.com address in the block list.

Verified

https://docs.umbrella.com/deployment-umbrella/docs/wild-cards

Answer 221

A

D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

Verified

Firepower Management Center Configuration Guide, Version 6.0 - Access Control Rules: URL Filtering [Cisco Firepower Management Center] - Cisco

Answer 222

A

B. anycast IP

Verified

AnyCast - https://umbrella.cisco.com/blog/why-the-cisco-umbrella-global-network-uses-anycast-routing

“One of the technologies that helps us maintain our great availability and speed is called anycast routing. In this blog post we’ll explain what anycast routing is, how we use it, and how it helps us maintain our 100% uptime and availability for our customers.”

Answer 223

A

C. PAC file

Verified

A Proxy Auto-Configuration (PAC) file contains a set of rules coded in JavaScript which allows a web browser to determine whether to send web traffic direct to the Internet or be sent via a proxy server.

PAC files can control how a web browser handles HTTP, HTTPS, and FTP traffic.

Answer 224

A

B. simple custom detections

D. allowed applications

Verified

Secure Endpoint User Guide.book (cisco.com)

Answer 225

A

B. mandatory

Verified

Examtopics community

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010111.html

Answer 226

A

D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

Verified

https://docs.umbrella.com/deployment-umbrella/docs/internal-networks-setup-guide

Answer 227

A

C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.

Verified

Answer 228

A

B. Cisco Stealthwatch Cloud PNM

Verified

Answer 229

A

D. data exfiltration

Brainscape's Knowledge GenomeTM

CCNP SCOR 350-701 - Actual Exam Questions Flashcards

Brainscape's Knowledge Genome^TM