Exam B Flashcards

1
Q

DoS attacks are categorized as what?

A. phishing attacks
B. flood attacks
C. virus attacks
D. trojan attacks

A

flood attacks

2
Q

Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?

A. Cisco SDN
B. Cisco ISE
C. Cisco Security Compliance Solution
D. Cisco DNA Center

A

Cisco DNA Center

3
Q

Which Cisco security solution stops exfiltration using HTTPS?

A. Cisco CTA
B. Cisco AnyConnect
C. Cisco FTD
D. Cisco ASA

A

Cisco CTA

4
Q

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?

A. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity

C. AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

D. AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

A

AMP for Endpoints stops and tracks malicious activity on hosts

5
Q

What is a benefit of flexible NetFlow records?

A. They have customized traffic identification
B. They are used for accounting
C. They monitor a packet from Layer 2 to Layer 5
D. They are used for security

A

They have customized traffic identification

6
Q

An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?

A. Summarized server-name information and MD5-hashed path information

B. none because SensorBase Network Participation is disabled by default

C. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

D. complete URL, without obfuscating the path segments

A

complete URL

7
Q

What is the purpose of the Cisco Endpoint IoC feature?

A. It is an incident response tool
B. It provides precompromise detection
C. It is a signature-based engine
D. It provides stealth threat prevention

A

It is an incident response tool

8
Q

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

A. api/v1/fie/config
B. api/v1/onboarding/workflow
C. api/v1/onboarding/pnp-device
D. api/v1/onboarding/pnp-device/import

A

api/v1/onboarding/pnp-device/import

9
Q

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

A. a malware spreading across the user device
B. an infection spreading across the network
C. an infection spreading across the LDAP or Active Directory domain from a user account
D. a malware spreading across the LDAP or Active Directory domain from a user account

A

a malware spreading across the user device

10
Q

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing a file named abc424952615.exe without quarantining that file. What type of Outbreak Control list must the SHA-256 hash value for the file be added to in order to accomplish this?

A. Advanced Custom Detection
B. Blocked Application
C. Simple Custom Detection
D. Isolation

A

Blocked Application

11
Q

Which feature does the IaaS model provide?

A. granular control of data
B. software-defined network segmentation
C. dedicated, restricted workstations
D. automatic updates and patching of software

A

dedicated

12
Q

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A. VMware APIC
B. VMware vRealize
C. VMware fusion
D. VMware horizons

A

VMware vRealize

13
Q

Which two capabilities does an MDM provide? (Choose two)

A. delivery of network malware reports to an inbox in a schedule

B. unified management of mobile devices, Macs, and PCs from a centralized dashboard

C. enforcement of device security policies from a centralized dashboard

D. manual identification and classification of client devices

E. unified management of Android and Apple devices from a centralized dashboard

A

unified management of mobile devices, Macs, and PCs from a centralized dashboard

enforcement of device security policies from a centralized dashboard

14
Q

What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control callbacks? (Choose two)

A. Use intrusion prevention system.
B. Block all TXT DNS records.
C. Enforce security over port 53.
D. Use next generation firewalls.
E. Use Cisco Umbrella.

A

Enforce security over port 53.

Use Cisco Umbrella.

15
Q

In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two)

A. It prevents use of compromised accounts and social engineering.
B. It prevents all zero-day attacks coming from the Internet.
C. It automatically removes malicious emails from users’ inbox.
D. It prevents trojan horse malware using sensors.
E. It secures all passwords that are shared in video conferences.

A

It prevents all zero-day attacks coming from the Internet.

It automatically removes malicious emails from users’ inbox.

16
Q

Which capability is provided by application visibility and control?

A. reputation filtering
B. data obfuscation
C. data encryption
D. deep packet inspection

A

deep packet inspection

17
Q

An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?

A. EAPOL
B. SSH
C. RADIUS
D. TACACS+

A

TACACS+

18
Q

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?

A. CDP
B. NTP
C. syslog
D. DNS

A

NTP

19
Q

What is the difference between EPP and EDR?

A. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.
B. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.
C. EDR focuses solely on prevention at the perimeter.
D. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

A

Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

20
Q

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A. ntp server 192.168.1.110 key 1 prefer
B. ntp peer 192.168.1.110 prefer key 1
C. ntp server 192.168.1.110 primary key 1
D. ntp peer 192.168.1.110 key 1 primary

A

ntp server 192.168.1.110 key 1 prefer

21
Q

Which algorithm is an NGE hash function?

A. HMAC
B. SHA-1
C. MD5
D. SHA-2

A

SHA-2

22
Q

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?

A. file prevalence
B. file discovery
C. file conviction
D. file manager

A

file prevalence

23
Q

During a recent security audit, a Cisco IOS router with a working IPsec configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)

A. ip host vpn.sohoroutercompany.com <VPN>
B. crypto isakmp identity hostname
C. Add the dynamic keyword to the existing crypto map command
D. fqdn vpn.sohoroutercompany.com <VPN>
E. ip name-server <DNS>

A

ip host vpn.sohoroutercompany.com <VPN>

crypto isakmp identity hostname

24
Q

Which command is used to log all events to a destination collector 209.165.201.10?

A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10

B. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10

C. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10

D. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10

A

CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10

25
Q

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two)

A. using Cisco ISE
B. using Cisco FTD
C. using an inline IPS/IDS in the network
D. using Cisco ESA
E. using Cisco Umbrella

A

using Cisco ESA

using Cisco Umbrella

26
Q

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

A. CoA request
B. AAA attributes
C. carrier-grade NAT
D. AV pair

A

CoA request

27
Q

What are the components of endpoint protection against social engineering attacks?

A. firewall
B. IDS
C. IPsec
D. ESA

A

ESA

28
Q

A company recently discovered an attack propagating throughout their Windows network via a file named abc4350G8l99xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems shows that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise. What must be performed to ensure detection of the malicious file?

A. Upload the malicious file to the Blocked Application Control List

B. Use an Advanced Custom Detection list instead of a Simple Custom Detection List

C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis

D. Upload the SHA-256 hash for the file to the Simple Custom Detection List

A

Upload the SHA-256 hash for the file to the Simple Custom Detection List

29
Q

Which feature requires that network telemetry be enabled?

A. SNMP trap notification
B. Layer 2 device discovery
C. central syslog system
D. per-interface stats

A

central syslog system

30
Q

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)

A. posture assessment
B. aaa server radius dynamic-author
C. tacacs-server host 10.1.1250 key password
D. CoA
E. aaa authorization exec default local

A

posture assessment

tacacs-server host 10.1.1250 key password

31
Q

An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?

A. static
B. sticky
C. maximum
D. aging

A

sticky

32
Q

What is the concept of CI/CD pipelining?

A. Each project phase is independent from other phases to maintain adaptiveness and continual improvement

B. The project is split into several phases where one phase cannot start before the previous phase finishes successfully

C. The project code is centrally maintained and each code change should trigger an automated build and test sequence

D. The project is split into time-limited cycles and focuses on pair programming for continuous code review

A

The project code is centrally maintained and each code change should trigger an automated build and test sequence

33
Q

Which feature is implemented only on the Cisco ASA in transparent mode?

A. inspect anycast traffic
B. stateful inspection
C. inspect application layer of the traffic sent between hosts
D. inspect traffic between hosts in the same subnet

A

inspect traffic between hosts in the same subnet

34
Q

What are two functionalities of SDN southbound APIs? (Choose two)

A. Southbound APIs provide a programmable interface for applications to configure the network

B. Southbound APIs form the interface between the SDN controller and the network switches and routers

C. OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch

D. Application layer programs communicate with the SDN controller through the southbound APIs

E. Southbound APIs form the interface between the SDN controller and business applications

A

Southbound APIs form the interface between the SDN controller and the network switches and routers

OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch

35
Q

An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?

A. Define MAC-to-IP address mappings in the switch to ensure that rogue devices cannot get an IP address

B. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE

C. Modify the DHCP relay and point the IP address to Cisco ISE

D. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces

A

Modify the DHCP relay and point the IP address to Cisco ISE

36
Q

Which Cisco Firewall solution requires zone definition?

A. CBAC
B. Cisco AMP
C. ZBFW
D. Cisco ASA

A

Cisco AMP

37
Q

For a given policy in Cisco Umbrella, how should a customer block a website based on a custom list?

A. by specifying blocked domains in the policy settings
B. by specifying the websites in a custom blocked category
C. by adding the websites to a blocked type destination list
D. by adding the website IP addresses to the Cisco Umbrella blocklist

A

by adding the websites to a blocked type destination list

38
Q

Which threat intelligence standard contains malware hashes?

A. structured threat information expression
B. advanced persistent threat
C. trusted automated exchange or indicator information
D. open command and control

A

structured threat information expression

39
Q

Which ESA implementation method segregates inbound and outbound email?

A. one listener on a single physical interface

B. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

C. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

D. one listener on one logical IPv4 address on a single logical interface

A

pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

40
Q

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

A. MDA on the router
B. PBR on Cisco WSA
C. WCCP on switch
D. DNS resolution on Cisco WSA

A

WCCP on switch

41
Q

What is a function of Cisco AMP for Endpoints?

A. It detects DNS attacks
B. It protects against web-based attacks
C. It blocks email-based attacks
D. It automates threat responses of an infected host

A

It automates threat responses of an infected host

42
Q

An engineer needs to detect and quarantine a file named abc424400664.zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints. The configured detection method must work on files of unknown disposition. Which Outbreak Control list must be configured to provide this?

A. Blocked Application
B. Simple Custom Detection
C. Advanced Custom Detection
D. Android Custom Detection

A

Advanced Custom Detection

42
Q

Refer to the exhibit.

aaa new-model
radius-server host 10.0.0.12 key secret12

What is the result of using this authentication protocol in the configuration?

A. The authentication request contains only a username.

B. The authentication request contains only a password.

C. There are separate authentication and authorization request packets.

D. The authentication and authorization requests are grouped in a single packet.

A

The authentication and authorization requests are grouped in a single packet.

43
Q

With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature?

A. 3
B. 5
C. 10
D. 12

A

5

44
Q

Which Cisco ISE feature helps to detect missing patches and helps with remediation?

A. posture assessment
B. profiling policy
C. authentication policy
D. enabling probes

A

posture assessment

45
Q

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?

A. It can grant third-party SIEM integrations write access to the S3 bucket

B. Data can be stored offline for 30 days.

C. It is included in the license cost for the multi-org console of Cisco Umbrella

D. No other applications except Cisco Umbrella can write to the S3 bucket

A

It can grant third-party SIEM integrations write access to the S3 bucket

46
Q

What are two functions of IKEv1 but not IKEv2? (Choose two)

A. NAT-T is supported in IKEv1 but not in IKEv2.

B. With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext

C. With IKEv1, mode negotiates faster than main mode

D. IKEv1 uses EAP authentication

E. IKEv1 conversations are initiated by the IKE_SA_INIT message

A

With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext

With IKEv1, mode negotiates faster than main mode

47
Q

Which feature must be configured before implementing NetFlow on a router?

A. SNMPv3
B. syslog
C. VRF
D. IP routing

A

IP routing

48
Q

What is the most commonly used protocol for network telemetry?

A. SMTP
B. SNMP
C. TFTP
D. NetFlow

A

NetFlow

49
Q

An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration. Which solution best meets these requirements?

A. Cisco CloudLock
B. Cisco AppDynamics Cloud Monitoring
C. Cisco Umbrella
D. Cisco Stealthwatch

A

Cisco Stealthwatch

50
Q

In which two customer environments is the Cisco WSAv connector traffic direction method selected? (Choose two)

A. Customer owns ASA Appliance and SSL Tunneling is required.

B. Customer does not own Cisco hardware and needs Transparent Redirection (WCCP).

C. Customer needs to support roaming users.

D. Customer owns ASA Appliance and Virtual Form Factor is required.

E. Customer does not own Cisco hardware and needs Explicit Proxy.

A

Customer does not own Cisco hardware and needs Transparent Redirection (WCCP).

Customer owns ASA Appliance and Virtual Form Factor is required.

51
Q

What is offered by an EPP solution but not an EDR solution?

A. containment
B. detection
C. investigation
D. sandboxing

A

sandboxing

52
Q

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?

A. Kerberos security solution
B. single sign-on
C. multifactor authentication
D. RADIUS/LDAP authentication

A

multifactor authentication

53
Q

An engineer is configuring Cisco WSA and needs to ensure end clients are protected against DNS spoofing attacks. Which deployment method accomplishes this goal?

A. transparent mode
B. Web Cache Communication Protocol
C. explicit forward
D. single context mode

A

explicit forward

54
Q

Which Cisco network security device supports contextual awareness?

A. ISE
B. Cisco IOS
C. Cisco ASA
D. Firepower

A

ISE

55
Q

Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two)

A. flow-export event-type
B. policy-map
C. access-list
D. flow-export template timeout-rate 15
E. access-group

A

flow-export event-type

policy-map

56
Q

What does Cisco ISE use to collect endpoint attributes that are used in profiling?

A. probes
B. posture assessment
C. Cisco AnyConnect Secure Mobility Client
D. Cisco pxGrid

A

probes

57
Q

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?

A. Link Aggregation
B. Reverse ARP
C. private VLANs
D. Dynamic ARP Inspection

A

Dynamic ARP Inspection

58
Q

An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?

A. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.

B. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.

C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI

D. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.

A

Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI

59
Q

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

A. Configure an advanced custom detection list
B. Configure an IP Block & Allow custom detection list
C. Configure an application custom detection list
D. Configure a simple custom detection list

A

Configure an advanced custom detection list

60
Q

An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?

A. Use DNSSEC between the endpoints and Cisco Umbrella DNS servers.

B. Modify the Cisco Umbrella configuration to pass queries only to non-DNSSEC capable zones.

C. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional.

D. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

A

Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers

61
Q

Which Cisco security solution secures public, private, hybrid, and community clouds?

A. Cisco ISE
B. Cisco ASAv
C. Cisco Cloudlock
D. Cisco pxGrid

A

Cisco Cloudlock

62
Q

What is the target in a phishing attack?

A. perimeter firewall
B. IPS
C. web server
D. endpoint

A

endpoint

63
Q

Which Cisco security solution provides patch management in the cloud?

A. Cisco Umbrella
B. Cisco ISE
C. Cisco CloudLock
D. Cisco Tetration

A

Cisco CloudLock

64
Q

Which statement describes a serverless application?

A. The application delivery controller in front of the server farm designates on which server the application runs each time.

B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

C. The application is installed on network equipment and not on physical servers.

D. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

A

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider